We add a service ref count in function add_gateway. Then, when we disable one technology, we will remove the related service from the network. If we do not call __connman_connection_remove_gateway to unref the service count, we can't call __connman_service_disconnect when we put the service. Then, when a netlink newlink event arrives with flag DOWN, we will access already freed memory because the ipconfig is not removed from ipconfig_list, and connman will crash.
---
 src/service.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/service.c b/src/service.c index a6c764c..ea47076 100644 --- a/src/service.c +++ b/src/service.c @@ -5501,6 +5501,8 @@ void __connman_service_remove_from_network(struct connman_network *network) if (service == NULL) return; + __connman_connection_gateway_remove(service, + CONNMAN_IPCONFIG_TYPE_ALL); __connman_service_put(service); } -- 1.7.2.2 _______________________________________________ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
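Review bot: The added call to __connman_connection_gateway_remove(service, CONNMAN_IPCONFIG_TYPE_ALL) in __connman_service_remove_from_network() runs unconditionally after the service == NULL check, so please confirm it is safe when no gateway was ever added for this service, or say so in the commit message. The commit message also names the function as __connman_connection_remove_gateway, which does not match the call in the hunk; the message should use the name that is actually called. A one-line comment above the call, saying that it drops the reference taken in add_gateway and must come before __connman_service_put(service), would keep a later cleanup from reordering or removing it.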