From 3544d4584c70debc7bbf93c6dad00b303ff8919a Mon Sep 17 00:00:00 2001
From: Patrick Oppenlander
Date: Tue, 29 Jun 2010 01:08:26 +0200
Subject: core: fix potential crash on service name collision If there is a service name collision and the entry group callback calls avahi_s_entry_group_reset or avahi_s_entry_group free on the group in question, the entries were released. This could cause a crash in withdraw_rrset as it is walking a list of entries at this time. The fix for this issue is to schedule a cleanup event to clean up entries after a a short timeout (currently one second). If a cleanup occurs for any other reason the event is cancelled. http://avahi.org/ticket/302
---
 avahi-core/server.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'avahi-core/server.c')
diff --git a/avahi-core/server.c b/avahi-core/server.c
index a149f0f..d7fd71b 100644
--- a/avahi-core/server.c
+++ b/avahi-core/server.c
@@ -1387,6 +1387,7 @@ AvahiServer *avahi_server_new(const AvahiPoll *poll_api, const AvahiServerConfig
 s->need_entry_cleanup = 0;
 s->need_group_cleanup = 0;
 s->need_browser_cleanup = 0;
+ s->cleanup_time_event = NULL;
 s->hinfo_entry_group = NULL;
 s->browse_domain_entry_group = NULL;
 s->error = AVAHI_OK;
@@ -1486,6 +1487,9 @@ void avahi_server_free(AvahiServer* s) {
 avahi_wide_area_engine_free(s->wide_area_lookup_engine);
 avahi_multicast_lookup_engine_free(s->multicast_lookup_engine);
+ if (s->cleanup_time_event)
+ avahi_time_event_free(s->cleanup_time_event);
+ avahi_time_event_queue_free(s->time_event_queue); /* Free watches */
-- cgit
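Review bot: In the avahi_server_free hunk, `s->cleanup_time_event` still holds the freed pointer after `avahi_time_event_free()`, while teardown continues with the time-event queue and the watches. The commit message says other cleanup paths cancel this event, so any later step that tests the field would act on freed memory; whether one runs after this point cannot be seen here, because the function body starts and ends outside the hunk. Clearing the field closes that off: `if (s->cleanup_time_event) { avahi_time_event_free(s->cleanup_time_event); s->cleanup_time_event = NULL; }`. A short why-comment would also help, for example `/* cancel the deferred entry cleanup before its time-event queue is freed */`, assuming the event is indeed allocated from `s->time_event_queue`.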