netifd: Fix node version set after free

Fixes an issue where a bridge member will be removed from the bridge
upon an interface ifup as the bridge node version -1 is overwritten
by vlist_add while the new created bridge member pointer is freed in
bridge_member_update

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

diff --git a/bridge.c b/bridge.c
index 3edfeaac4abf741dee2940e608cad0500c4c74c6..fed4de3c988a94aefaca4461a4d8b71bb64d9b8e 100644 (file)
--- a/bridge.c
+++ b/bridge.c
@@ -344,7 +344,11 @@ bridge_create_member(struct bridge_state *bst, struct device *dev, bool hotplug)
        strcpy(bm->name, dev->ifname);
        bm->dev.dev = dev;
        vlist_add(&bst->members, &bm->node, bm->name);
-       if (hotplug)
+       // Need to look up the bridge member again as the above
+       // created pointer will be freed in case the bridge member
+       // already existed
+       bm = vlist_find(&bst->members, dev->ifname, bm, node);
+       if (hotplug && bm)
                bm->node.version = -1;
 
        return bm;