[PATCH v2] ipcpd: Fix deadlock in dht_unreg

  • From: Dimitri Staessens <dimitri@ouroboros.rocks>
  • To: ouroboros@xxxxxxxxxxxxx
  • Date: Thu, 17 Feb 2022 20:06:32 +0100

dht_unreg called dht_del while holding the lock, and dht_del then
tried to take the same lock again, a guaranteed deadlock. Also fix an
uninitialized value in dht_retrieve.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
---
 src/ipcpd/unicast/dir/dht.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/ipcpd/unicast/dir/dht.c b/src/ipcpd/unicast/dir/dht.c
index 959fc179..d84da9da 100644
--- a/src/ipcpd/unicast/dir/dht.c
+++ b/src/ipcpd/unicast/dir/dht.c
@@ -1883,18 +1883,13 @@ static int dht_del(struct dht *    dht,
 {
         struct dht_entry * e;
 
-        pthread_rwlock_wrlock(&dht->lock);
-
         e = dht_find_entry(dht, key);
         if (e == NULL) {
-                pthread_rwlock_unlock(&dht->lock);
                 return -EPERM;
         }
 
         dht_entry_del_addr(e, addr);
 
-        pthread_rwlock_unlock(&dht->lock);
-
         return 0;
 }
 
@@ -1917,11 +1912,11 @@ static buffer_t dht_retrieve(struct dht *    dht,
         if (buf.len == 0)
                 goto fail;
 
-        pos = malloc(sizeof(dht->addr) * buf.len);
-        if (pos == NULL)
+        buf.data = malloc(sizeof(dht->addr) * buf.len);
+        if (buf.data == NULL)
                 goto fail;
 
-        buf.data = (uint8_t *) pos;
+        pos = (uint64_t *) buf.data;
 
         list_for_each(p, &e->vals) {
                 struct val * v = list_entry(p, struct val, next);
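Review bot: The allocation `buf.data = malloc(sizeof(dht->addr) * buf.len)` sizes elements by `dht->addr`, while the next added line writes through a hard-coded `uint64_t *`, so the two agree only as long as the address type stays 64-bit. Writing it as `buf.data = malloc(sizeof(*pos) * buf.len);` ties the buffer size to the write stride. The `list_for_each` loop that fills `pos` continues past the end of the hunk, so it cannot be confirmed here that it stops after `buf.len` entries; if the count and the list walk are not done under the same hold of `dht->lock`, the loop could write past the allocation. dht_retrieve starts and ends outside the hunk, including the `fail` label, so it is worth checking that both `goto fail` paths return `buf.data == NULL` together with `buf.len == 0`.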
-- 
2.35.1

