core/net/rime/ipolite: stop ctimer and reset queuebuf pointer when canceling old send
Ipolite is used by netflood and route-discovery modules among others. If a route request is yet to be re-broadcasted and a local route discovery is started (interval == 0), the previous queuebuf used is freed but ctimer and queuebuf pointer is left unchanged. This causes corrupt route requests to be sent, invalid routing tables to be formed, memcmp() on NULL pointer on receive, and other undefined behavior. Signed-off-by: Oskar Nordquist <oskar.nordquist@crlsweden.com>
This commit is contained in:
parent
6fb7dd238e
commit
5e640411f5
@ -148,6 +148,8 @@ ipolite_send(struct ipolite_conn *c, clock_time_t interval, uint8_t hdrsize)
|
||||
PRINTF("%d.%d: ipolite_send: cancel old send\n",
|
||||
linkaddr_node_addr.u8[0],linkaddr_node_addr.u8[1]);
|
||||
queuebuf_free(c->q);
|
||||
c->q = NULL;
|
||||
ctimer_stop(&c->t);
|
||||
}
|
||||
c->dups = 0;
|
||||
c->hdrsize = hdrsize;
|
||||
|
Loading…
Reference in New Issue
Block a user