From c8d38bc1d9d578a884d4aa661a928c53c18d77fd Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Thu, 17 Feb 2022 20:06:32 +0100 Subject: ipcpd: Fix deadlock in dht_unreg The dht_del function was called under lock in dht_unreg, and then tried to take the lock again, a 100% deadlock. Also fix uninitialized value in dht_retrieve. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/ipcpd/unicast/dir/dht.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'src/ipcpd/unicast/dir') diff --git a/src/ipcpd/unicast/dir/dht.c b/src/ipcpd/unicast/dir/dht.c index 959fc179..d84da9da 100644 --- a/src/ipcpd/unicast/dir/dht.c +++ b/src/ipcpd/unicast/dir/dht.c @@ -1883,18 +1883,13 @@ static int dht_del(struct dht * dht, { struct dht_entry * e; - pthread_rwlock_wrlock(&dht->lock); - e = dht_find_entry(dht, key); if (e == NULL) { - pthread_rwlock_unlock(&dht->lock); return -EPERM; } dht_entry_del_addr(e, addr); - pthread_rwlock_unlock(&dht->lock); - return 0; } @@ -1917,11 +1912,11 @@ static buffer_t dht_retrieve(struct dht * dht, if (buf.len == 0) goto fail; - pos = malloc(sizeof(dht->addr) * buf.len); - if (pos == NULL) + buf.data = malloc(sizeof(dht->addr) * buf.len); + if (buf.data == NULL) goto fail; - buf.data = (uint8_t *) pos; + pos = (uint64_t *) buf.data; list_for_each(p, &e->vals) { struct val * v = list_entry(p, struct val, next); -- cgit v1.2.3