aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2026-01-25 16:54:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

connectd: fix crash on freed context for new connections.

Browse Source 
ccan/io stores the context pointer for io_new_conn, but we were using
`daemon->listeners` which we reallocate, so it can use a stale pointer.

```
0x3e1700 call_error
	ccan/ccan/tal/tal.c:93
0x3e1700 check_bounds
	ccan/ccan/tal/tal.c:165
0x3e1700 to_tal_hdr
	ccan/ccan/tal/tal.c:174
0x3e1211 to_tal_hdr_or_null
	ccan/ccan/tal/tal.c:186
0x3e1211 tal_alloc_
	ccan/ccan/tal/tal.c:426
0x3db8f4 io_new_conn_
	ccan/ccan/io/io.c:91
0x3dd2e1 accept_conn
	ccan/ccan/io/poll.c:277
0x3dd2e1 io_loop
	ccan/ccan/io/poll.c:444
0x3419fa main
	connectd/connectd.c:2081
```

Fixes: #6060
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
2023-03-07 07:22:13 +10:30
committed by Alex Myers
parent 194d37b70f
commit b5c614069b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
connectd/connectd.c
View File

@@ -1570,7 +1570,7 @@ static void connect_activate(struct daemon *daemon, const u8 *msg)
}
/* Add to listeners array */
tal_arr_expand(&daemon->listeners,
io_new_listener(daemon->listeners,
io_new_listener(daemon,
daemon->listen_fds[i]->fd,
get_in_cb(daemon->listen_fds[i]
->is_websocket),