From 0067ba257dacf0c09fc026e54e3ef7e635bd3e47 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Tue, 16 Aug 2022 20:30:49 +0200
Subject: [PATCH] network: fix potential use-after-free

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 auth-data.c | 2 +-
 network.c   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/auth-data.c b/auth-data.c
index 3d66213..cd07958 100644
--- a/auth-data.c
+++ b/auth-data.c
@@ -31,7 +31,7 @@ int unet_auth_data_validate(const uint8_t *key, const void *buf, size_t len,
 	if (!edsign_verify(&vst, hdr->signature, data->pubkey))
 		return -3;
 
-	if (*(char *)(data + len - 1) != 0)
+	if (((char *)data)[len - 1] != 0)
 		return -2;
 
 	if (timestamp)
diff --git a/network.c b/network.c
index 15429ad..6042652 100644
--- a/network.c
+++ b/network.c
@@ -436,6 +436,7 @@ static int network_setup(struct network *net)
 
 static void network_teardown(struct network *net)
 {
+	uloop_timeout_cancel(&net->connect_timer);
 	uloop_timeout_cancel(&net->reload_timer);
 	network_do_update(net, false);
 	network_pex_close(net);
-- 
2.30.2