From 5c43a88e369950a34b1c40d655b598bedd16beda Mon Sep 17 00:00:00 2001 From: Skywing Date: Fri, 21 Nov 2008 23:57:32 -0500 Subject: [PATCH] Cancel silc_server_connect_to_router_retry when connecting. There exists a crash bug such that an un-cancelled timeout callback for silc_server_connect_to_retry fires after the connection object has already been cleaned up. Any router_retry requests must be cancelled when we are deleting the associated connect object. The fix that was implemented was to cancel silc_server_connect_to_router_retry in addition to silc_server_connect_to_router when a call to silc_server_create_connections is made. (This routine is called when we are to make new server connections if reconnects are enabled.) The problem would typically occur after a long enough time with silcd trying to connect to a router server over and over; there is a race condition component that can delay the initial use-after-free condition for some time. --- apps/silcd/server_internal.h | 1 + apps/silcd/server_util.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/apps/silcd/server_internal.h b/apps/silcd/server_internal.h index e6b916ec..fd948ffe 100644 --- a/apps/silcd/server_internal.h +++ b/apps/silcd/server_internal.h @@ -236,6 +236,7 @@ do { \ SILC_TASK_CALLBACK(silc_server_rekey_final); SILC_TASK_CALLBACK(silc_server_rekey_callback); SILC_TASK_CALLBACK(silc_server_connect_to_router); +SILC_TASK_CALLBACK(silc_server_connect_to_router_retry); void silc_server_watcher_list_destroy(void *key, void *context, void *user_context); diff --git a/apps/silcd/server_util.c b/apps/silcd/server_util.c index b3cff368..28e33ed1 100644 --- a/apps/silcd/server_util.c +++ b/apps/silcd/server_util.c @@ -2022,6 +2022,8 @@ void silc_server_inviteban_destruct(void *key, void *context, void silc_server_create_connections(SilcServer server) { + silc_schedule_task_del_by_callback(server->schedule, + silc_server_connect_to_router_retry); silc_schedule_task_del_by_callback(server->schedule, silc_server_connect_to_router); silc_schedule_task_add_timeout(server->schedule, -- 2.24.0