diff options
| author | Tim Nordell | 2025-10-15 20:43:59 +0000 |
|---|---|---|
| committer | Daniel Golle | 2026-03-14 00:29:08 +0000 |
| commit | 45bef92d049f9f31c1624ae59de5ca3546cf4289 (patch) | |
| tree | 27e859fb7eeac8a70da85c8f2ba48a5ca6655dcc | |
| parent | 8294471cffee92b7143e8f55240be25233c8f3a6 (diff) | |
| download | procd-45bef92d049f9f31c1624ae59de5ca3546cf4289.tar.gz | |
service instance: Fix overwriting of watchdog linked list members
The instance_config_move(...) function copies the settings from a newly
constructed instance from a "ubus call service set {...}" call into
a prior instance. The `in->watchdog.timeout` is of the type
`struct uloop_timeout` which contains a `struct list` inside of it. This
list is a linked list structure, so when the uloop_timeout is already
in the linked list, this overwrites this particular location with a NULL
pointer for the next/prev entries. This causes procd to crash.
This crash occurs every time "ubus call service set {...}" is called (e.g.
via /etc/init.d/SERVICE start) when a daemon is using the "watchdog"
feature has already been started.
Fixes: 28be011 ("instance: make sure values are not inherited from previous runs")
Signed-off-by: Tim Nordell <tnordell@airgain.com>
(cherry picked from commit 52c64d24ce9cf255b9c348e5db118a35c9407d75)
| -rw-r--r-- | service/instance.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/service/instance.c b/service/instance.c index df8c09b..21fa7ae 100644 --- a/service/instance.c +++ b/service/instance.c @@ -1510,7 +1510,7 @@ instance_config_move(struct service_instance *in, struct service_instance *in_sr in->term_timeout = in_src->term_timeout; in->watchdog.mode = in_src->watchdog.mode; in->watchdog.freq = in_src->watchdog.freq; - in->watchdog.timeout = in_src->watchdog.timeout; + // Note: in->watchdog.timeout is in a linked list; do not copy in->name = in_src->name; in->nice = in_src->nice; in->trace = in_src->trace; |