From 2f215b5c3139a0cb05d4db3cf8b3c8a2ee8bf9dc Mon Sep 17 00:00:00 2001
From: Sander Vrijders <sander.vrijders@ugent.be>
Date: Wed, 23 Aug 2017 12:46:04 +0200
Subject: irmd: Fix potential data race in irmd

If the IPCP was not created, the printing of the log may use a
variable that was already freed.
---
 src/irmd/main.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'src/irmd')

diff --git a/src/irmd/main.c b/src/irmd/main.c
index 62c1cc61..a7c2bd4c 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -292,6 +292,7 @@ static pid_t create_ipcp(char *         name,
         struct timespec     dl;
         struct timespec     to = {SOCKET_TIMEOUT / 1000,
                                   (SOCKET_TIMEOUT % 1000) * MILLION};
+        pid_t               ipcp_pid;
 
         api = malloc(sizeof(*api));
         if (api == NULL)
@@ -344,6 +345,7 @@ static pid_t create_ipcp(char *         name,
         tmp->type          = ipcp_type;
         tmp->init_state    = IPCP_BOOT;
         tmp->dir_hash_algo = -1;
+        ipcp_pid           = tmp->api;
 
         list_for_each(p, &irmd.ipcps) {
                 struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
@@ -372,15 +374,15 @@ static pid_t create_ipcp(char *         name,
                 tmp->init_state = IPCP_NULL;
                 pthread_cond_signal(&tmp->init_cond);
                 pthread_mutex_unlock(&tmp->init_lock);
-                log_err("IPCP %d failed to respond.", tmp->api);
+                log_err("IPCP %d failed to respond.", ipcp_pid);
                 return -1;
         }
 
         pthread_mutex_unlock(&tmp->init_lock);
 
-        log_info("Created IPCP %d.", tmp->api);
+        log_info("Created IPCP %d.", ipcp_pid);
 
-        return api->pid;
+        return ipcp_pid;
 }
 
 static int create_ipcp_r(pid_t api,
-- 
cgit v1.2.3