Merge branch 'jb51889' into 'master'

[vpn] Fix crashes in connmand. Fixes JB#51889

See merge request mer-core/connman!301

connman/gweb/gresolv.c

@@ -526,7 +526,7 @@ static void sort_and_return_results(struct resolv_lookup *lookup)
 			status = lookup->ipv4_status;
 	}
 
-	debug(lookup->resolv, "lookup %p received %d results", lookup, n);
+	debug(lookup->resolv, "lookup %p received %d results", lookup, n-1);
 
 	g_queue_remove(lookup->resolv->lookup_queue, lookup);
 	destroy_lookup(lookup);
@@ -694,7 +694,10 @@ static void parse_response(struct resolv_nameserver *nameserver,
 
 	switch (rcode) {
 	case ns_r_noerror:
-		status = G_RESOLV_RESULT_STATUS_SUCCESS;
+		if (count > 0)
+			status = G_RESOLV_RESULT_STATUS_SUCCESS;
+		else
+			status = G_RESOLV_RESULT_STATUS_NO_ANSWER;
 		break;
 	case ns_r_formerr:
 		status = G_RESOLV_RESULT_STATUS_FORMAT_ERROR;

connman/gweb/gresolv.h

@@ -44,6 +44,7 @@ typedef enum {
 	G_RESOLV_RESULT_STATUS_NAME_ERROR,
 	G_RESOLV_RESULT_STATUS_NOT_IMPLEMENTED,
 	G_RESOLV_RESULT_STATUS_REFUSED,
+	G_RESOLV_RESULT_STATUS_NO_ANSWER,
 } GResolvResultStatus;
 
 typedef void (*GResolvResultFunc)(GResolvResultStatus status,

connman/plugins/neard.c

@@ -499,7 +499,7 @@ static void register_agent_cb(DBusPendingCall *pending, void *user_data)
 	DBusMessage *reply;
 
 	if (!dbus_pending_call_get_completed(pending))
-		return;
+		goto out;
 
 	register_call = NULL;
 

connman/plugins/sailfish_developer_mode.c

@@ -388,11 +388,11 @@ static void get_usb_moded_state_reply(DBusPendingCall *call, void *user_data)
 
 	/*
 	 * A theoretical chance that call notify is called without receiving a
-	 * reply. No change must be done, just return.
+	 * reply. Possibly a timeout, we need to free the call.
 	 */
 	if (!dbus_pending_call_get_completed(call)) {
 		DBG("pending call notify called but no reply received yet");
-		return;
+		goto done;
 	}
 
 	reply = dbus_pending_call_steal_reply(call);

connman/plugins/vpn.c

@@ -96,6 +96,7 @@ struct connection_data {
 
 	GResolv *resolv;
 	guint resolv_id;
+	guint remove_resolv_id;
 };
 
 static int set_string(struct connman_provider *provider,
@@ -173,10 +174,15 @@ static char *get_ident(const char *path)
 
 static void cancel_host_resolv(struct connection_data *data)
 {
-	if (data->resolv_id != 0)
+
+	if (data->remove_resolv_id)
+		g_source_remove(data->remove_resolv_id);
+
+	if (data->resolv && data->resolv_id)
 		g_resolv_cancel_lookup(data->resolv, data->resolv_id);
 
 	data->resolv_id = 0;
+	data->remove_resolv_id = 0;
 
 	g_resolv_unref(data->resolv);
 	data->resolv = NULL;
@@ -208,7 +214,7 @@ static void resolv_result(GResolvResultStatus status,
 	 * We cannot unref the resolver here as resolv struct is manipulated
 	 * by gresolv.c after we return from this callback.
 	 */
-	g_timeout_add_seconds(0, remove_resolv, data);
+	data->remove_resolv_id = g_timeout_add(0, remove_resolv, data);
 
 	data->resolv_id = 0;
 }
@@ -498,8 +504,12 @@ static void connect_reply(DBusPendingCall *call, void *user_data)
 	struct connection_data *data = user_data;
 	struct config_create_data *cb_data = data->cb_data;
 
-	if (!dbus_pending_call_get_completed(call))
-		return;
+	DBG("");
+
+	if (!dbus_pending_call_get_completed(call)) {
+		connman_warn("vpn connect reply pending call incomplete");
+		goto out;
+	}
 
 	if (call != data->call) {
 		connman_error("invalid call %p to VPN connect_reply data %p "
@@ -786,12 +796,16 @@ static void get_connections_reply(DBusPendingCall *call, void *user_data)
 		DBUS_DICT_ENTRY_END_CHAR_AS_STRING
 		DBUS_STRUCT_END_CHAR_AS_STRING;
 
-	if (!dbus_pending_call_get_completed(call))
-		return;
-
 	DBG("");
 
+	if (!dbus_pending_call_get_completed(call)) {
+		connman_warn("get connections reply pending call incomplete");
+		goto out;
+	}
+
 	reply = dbus_pending_call_steal_reply(call);
+	if (!reply)
+		goto out;
 
 	dbus_error_init(&error);
 
@@ -831,6 +845,7 @@ static void get_connections_reply(DBusPendingCall *call, void *user_data)
 done:
 	dbus_message_unref(reply);
 
+out:
 	dbus_pending_call_unref(call);
 }
 
@@ -878,12 +893,16 @@ static void remove_connection_reply(DBusPendingCall *call, void *user_data)
 	DBusMessage *reply;
 	DBusError error;
 
-	if (!dbus_pending_call_get_completed(call))
-		return;
-
 	DBG("");
 
+	if (!dbus_pending_call_get_completed(call)) {
+		connman_warn("remove connection reply pending call incomplete");
+		goto out;
+	}
+
 	reply = dbus_pending_call_steal_reply(call);
+	if (!reply)
+		goto out;
 
 	dbus_error_init(&error);
 
@@ -901,6 +920,7 @@ static void remove_connection_reply(DBusPendingCall *call, void *user_data)
 
 	dbus_message_unref(reply);
 
+out:
 	dbus_pending_call_unref(call);
 }
 
@@ -1072,12 +1092,16 @@ static void configuration_create_reply(DBusPendingCall *call, void *user_data)
 	struct connection_data *data;
 	struct config_create_data *cb_data = user_data;
 
-	if (!dbus_pending_call_get_completed(call))
-		return;
-
 	DBG("user %p", cb_data);
 
+	if (!dbus_pending_call_get_completed(call)) {
+		connman_warn("configuration create reply pending call incomplete");
+		goto out;
+	}
+
 	reply = dbus_pending_call_steal_reply(call);
+	if (!reply)
+		goto out;
 
 	dbus_error_init(&error);
 
@@ -1131,6 +1155,7 @@ static void configuration_create_reply(DBusPendingCall *call, void *user_data)
 done:
 	dbus_message_unref(reply);
 
+out:
 	dbus_pending_call_unref(call);
 }
 

connman/tools/resolv-test.c

@@ -63,6 +63,8 @@ static const char *status2str(GResolvResultStatus status)
 		return "not implemented";
 	case G_RESOLV_RESULT_STATUS_REFUSED:
 		return "refused";
+	case G_RESOLV_RESULT_STATUS_NO_ANSWER:
+		return "no answer";
 	}
 
 	return NULL;

connman/unit/test-sailfish_developer_mode.c

@@ -1699,12 +1699,6 @@ static void developer_mode_plugin_test_dbus_error7()
 	g_assert(sent_message == old_msg);
 	g_assert_cmpint(test_device1.refcount, ==, 1);
 
-	/* Let pending call to complete, notification is done */
-	set_dbus_config(DBUS_CONFIG_UNSET);
-	call_dbus_pending_notify();
-	g_assert(notify_status == NOTIFY_TRUE);
-	g_assert_cmpint(test_device1.refcount, ==, 1);
-
 	__connman_builtin_sailfish_developer_mode.exit();
 
 	g_assert_cmpint(test_device1.refcount, ==, 0);