From ee29e7046e205e1e2eb3bab6f608c5cac8a6bf3a Mon Sep 17 00:00:00 2001
From: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Date: Fri, 25 Nov 2011 17:05:37 +0200
Subject: [PATCH] ipconfig: Remove ipconfig from ipconfig_list

It is possible that ipdevice does not contain ipconfig for
some reason. If that happens, then ipconfig is not removed
from ipconfig_list which will then escalate into freed memory
access when interface is taken down.
The problem was seen with valgrind when tethering was enabled
and then disabled for wifi.
---
 src/ipconfig.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ipconfig.c b/src/ipconfig.c
index b472990..f817699 100644
--- a/src/ipconfig.c
+++ b/src/ipconfig.c
@@ -1330,7 +1330,8 @@ void connman_ipconfig_unref(struct connman_ipconfig *ipconfig)
 	if (__sync_fetch_and_sub(&ipconfig->refcount, 1) != 1)
 		return;
 
-	__connman_ipconfig_disable(ipconfig);
+	if (__connman_ipconfig_disable(ipconfig) < 0)
+		ipconfig_list = g_list_remove(ipconfig_list, ipconfig);
 
 	connman_ipconfig_set_ops(ipconfig, NULL);
 
-- 
2.7.4