libubus: nullify stale msgbuf pointer in case of ubus_connect_ctx() failure

If the ubus_reconnect() call fails in ubus_connect_ctx(), the msgbuf.data
newly allocated buffer is freed, but its pointer in the ubus_context is not
removed.

This leads to a double free error if ubus_auto_shutdown() is called for cleanup
after ubus_auto_connect() failed to connect to ubusd.

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>

diff --git a/libubus.c b/libubus.c
index d52faff9d9cd11b573584268df21f776b6fbe379..8163ff7004fb6e23487a7661f9c55b8cc9a55783 100644 (file)
--- a/libubus.c
+++ b/libubus.c
@@ -294,6 +294,7 @@ int ubus_connect_ctx(struct ubus_context *ctx, const char *path)
        avl_init(&ctx->objects, ubus_cmp_id, false, NULL);
        if (ubus_reconnect(ctx, path)) {
                free(ctx->msgbuf.data);
+               ctx->msgbuf.data = NULL;
                return -1;
        }