From 1a406c25cfc5a08905dbadc7913d4b3998fede7c Mon Sep 17 00:00:00 2001
From: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Date: Wed, 14 Mar 2012 17:28:54 +0200
Subject: [PATCH] connection: Avoid stale memory access

Get the active gateway pointer only after the gateway hash
has been manipulated by add_gateway(). It is possible that
we are accessing stale pointer otherwise.
---
 src/connection.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/connection.c b/src/connection.c
index 545b59f..e4e21d6 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -567,11 +567,12 @@ int __connman_connection_gateway_add(struct connman_service *service,
 	DBG("service %p index %d gateway %s vpn ip %s type %d",
 		service, index, gateway, peer, type);
 
-	active_gateway = find_active_gateway();
 	new_gateway = add_gateway(service, index, gateway, type);
 	if (new_gateway == NULL)
 		return -EINVAL;
 
+	active_gateway = find_active_gateway();
+
 	DBG("active %p index %d new %p", active_gateway,
 		active_gateway ? active_gateway->index : -1, new_gateway);
 
-- 
2.7.4