There exists a crash bug such that an un-cancelled timeout callback for
silc_server_connect_to_retry fires after the connection object has
already been cleaned up. Any router_retry requests must be cancelled
when we are deleting the associated connect object. The fix that was
implemented was to cancel silc_server_connect_to_router_retry in
addition to silc_server_connect_to_router when a call to
silc_server_create_connections is made. (This routine is called when
we are to make new server connections if reconnects are enabled.)
The problem would typically occur after a long enough time with silcd
trying to connect to a router server over and over; there is a race
condition component that can delay the initial use-after-free condition
for some time.
SILC_TASK_CALLBACK(silc_server_rekey_final);
SILC_TASK_CALLBACK(silc_server_rekey_callback);
SILC_TASK_CALLBACK(silc_server_connect_to_router);
+SILC_TASK_CALLBACK(silc_server_connect_to_router_retry);
void silc_server_watcher_list_destroy(void *key, void *context,
void *user_context);
void silc_server_create_connections(SilcServer server)
{
+ silc_schedule_task_del_by_callback(server->schedule,
+ silc_server_connect_to_router_retry);
silc_schedule_task_del_by_callback(server->schedule,
silc_server_connect_to_router);
silc_schedule_task_add_timeout(server->schedule,
projects / silc.git / commitdiff