| author | Igor Ryzhov <iryzhov@nfware.com> | 2021-10-07 15:53:10 +0300 |
|---|---|---|
| committer | Igor Ryzhov <iryzhov@nfware.com> | 2021-10-07 16:01:03 +0300 |
| commit | 7640e3c60b33e13376185a0e0c85f3f6c272d0a9 (patch) | |
| tree | 91dddddd3fe42fc4ce3e93d452b11504cf829083 /lib/agentx.c | |
| parent | b7a88ee2910a1c76ccbae38a9e7226d6c93fff37 (diff) | |
*: don't pass pointers to a local variables to thread_add_*
We should never pass pointers to local variables to thread_add_* family.
When an event is executed, the library writes into this pointer, which
means it writes into some random memory on a stack.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Diffstat (limited to 'lib/agentx.c')
| -rw-r--r-- | lib/agentx.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/lib/agentx.c b/lib/agentx.c
index 6d4e68d651..5f865ca2b8 100644
--- a/lib/agentx.c
+++ b/lib/agentx.c
@@ -63,6 +63,8 @@ static int agentx_read(struct thread *t)
 int flags, new_flags = 0;
 int nonblock = false;
 struct listnode *ln = THREAD_ARG(t);
+ struct thread **thr = listgetdata(ln);
+ XFREE(MTYPE_TMP, thr);
 list_delete_node(events, ln);
 /* fix for non blocking socket */
@@ -109,7 +111,7 @@ static void agentx_events_update(void)
 struct timeval timeout = {.tv_sec = 0, .tv_usec = 0};
 fd_set fds;
 struct listnode *ln;
- struct thread *thr;
+ struct thread **thr;
 int fd, thr_fd;
 thread_cancel(&timeout_thr);
@@ -125,7 +127,7 @@ static void agentx_events_update(void)
 ln = listhead(events);
 thr = ln ? listgetdata(ln) : NULL;
- thr_fd = thr ? THREAD_FD(thr) : -1;
+ thr_fd = thr ? THREAD_FD(*thr) : -1;
 /* "two-pointer" / two-list simultaneous iteration
 * ln/thr/thr_fd point to the next existing event listener to hit while
@@ -135,20 +137,21 @@ static void agentx_events_update(void)
 if (thr_fd == fd) {
 struct listnode *nextln = listnextnode(ln);
 if (!FD_ISSET(fd, &fds)) {
- thread_cancel(&thr);
+ thread_cancel(thr);
+ XFREE(MTYPE_TMP, thr);
 list_delete_node(events, ln);
 }
 ln = nextln;
 thr = ln ? listgetdata(ln) : NULL;
- thr_fd = thr ? THREAD_FD(thr) : -1;
+ thr_fd = thr ? THREAD_FD(*thr) : -1;
 }
 /* need listener, but haven't hit one where it would be */
 else if (FD_ISSET(fd, &fds)) {
 struct listnode *newln;
- thr = NULL;
- thread_add_read(agentx_tm, agentx_read, NULL, fd, &thr);
+ thr = XCALLOC(MTYPE_TMP, sizeof(struct thread *));
+ thread_add_read(agentx_tm, agentx_read, NULL, fd, thr);
 newln = listnode_add_before(events, ln, thr);
- thr->arg = newln;
+ (*thr)->arg = newln;
 }
 }
@@ -157,7 +160,8 @@ static void agentx_events_update(void)
 while (ln) {
 struct listnode *nextln = listnextnode(ln);
 thr = listgetdata(ln);
- thread_cancel(&thr);
+ thread_cancel(thr);
+ XFREE(MTYPE_TMP, thr);
 list_delete_node(events, ln);
 ln = nextln;
 }
|
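Review bot: In agentx_read the added `XFREE(MTYPE_TMP, thr);` releases the slot that was handed to thread_add_read as the back-reference, and nothing in the hunk records why no write through it can still happen once the callback is running. The commit message says the library writes into this pointer when the event is executed, so the free is only safe if that write has finished before agentx_read is entered; that is presumably what the thread library guarantees, but it should be confirmed and written down. I would add a comment above the free, for example `/* back-reference slot: the scheduler is done with it once we are called, so it is released here */`. The body of agentx_read continues outside the hunk.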
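Review bot: `(*thr)->arg = newln;` in the `else if (FD_ISSET(fd, &fds))` branch dereferences the newly allocated slot without checking that thread_add_read actually stored a thread in it. The slot comes from XCALLOC and is presumably zero-filled, so if scheduling ever returns without populating it, the result is a NULL dereference with the empty slot already linked into `events`. The replaced code made the same assumption with `thr->arg`, so this is not a regression, but the new heap slot adds a leak on that path as well. A guard placed before `listnode_add_before`, such as `if (!*thr) XFREE(MTYPE_TMP, thr);` with the list insert and the `arg` assignment in the else branch, would make the failure explicit. The enclosing loop starts outside the hunk.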
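Review bot: The teardown sequence `thread_cancel(thr); XFREE(MTYPE_TMP, thr); list_delete_node(events, ln);` in the trailing `while (ln)` loop is now written out twice, here and in the `!FD_ISSET(fd, &fds)` branch of the previous hunk, with a third free site in agentx_read. The order matters for memory safety: a free without the preceding cancel would leave the scheduler holding a pointer into freed memory, and a removal without the free leaks the slot. I would move the three calls into one static helper that takes the list node (the name is up to the author) and call it from both places in agentx_events_update, with a one-line comment stating that the slot is owned by the `events` list entry. Allocating the slots under a dedicated memory type rather than MTYPE_TMP would probably also make a missed free easier to spot, if the project's memory accounting is per type.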
