connman: CVE-2022-32293 man-in-the-middle attack against a WISPR HTTP

Source: https://git.kernel.org/pub/scm/network/connman/connman.git/ MR: 120508 Type: Security Fix Disposition: Backport from https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a ChangeID: 1583badc6de6bb8a7f63c06749b90b97caab5cdf Description: CVE-2022-32293 connman: man-in-the-middle attack against a WISPR HTTP. (From OE-Core rev: 86334559e3dcf30e07e2a10a58bbe40a2e8cc887) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hitendra Prajapati <hprajapati@mvista.com> 2022-09-20 18:33:10 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-09-23 16:22:59 +0100
commit: 20087e04b32722b0b24f8da3e3bf4dce3281571e (patch)
tree: 801e4bd1d86a38031abf29d817c325008116c4f5 /meta
parent: 10c6b704c098cc5a5677918ec8a08468647944f5 (diff)
download: poky-20087e04b32722b0b24f8da3e3bf4dce3281571e.tar.gz
2 files changed, 267 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch
new file mode 100644
index 0000000000..83a013981c
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch
@@ -0,0 +1,266 @@
+From 358a44b1442fae0f82846e10da0708b5c4e1ce27 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Tue, 20 Sep 2022 17:58:19 +0530
+Subject: [PATCH] CVE-2022-32293
+CVE: CVE-2022-32293
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/wispr.c | 83 ++++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 63 insertions(+), 20 deletions(-)
+diff --git a/src/wispr.c b/src/wispr.c
+index 473c0e0..97e0242 100644
+--- a/src/wispr.c
+++ b/src/wispr.c
+@@ -59,6 +59,7 @@ struct wispr_route {
+ };
+ 
+ struct connman_wispr_portal_context {
+       int refcount;
+        struct connman_service *service;
+        enum connman_ipconfig_type type;
+        struct connman_wispr_portal *wispr_portal;
+@@ -96,10 +97,13 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data);
+ 
+ static GHashTable *wispr_portal_list = NULL;
+ 
+#define wispr_portal_context_ref(wp_context) \
+       wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__)
+#define wispr_portal_context_unref(wp_context) \
+       wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__)
+
+ static void connman_wispr_message_init(struct connman_wispr_message *msg)
+ {
+-       DBG("");
+-
+        msg->has_error = false;
+        msg->current_element = NULL;
+ 
+@@ -159,11 +163,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context)
+ static void free_connman_wispr_portal_context(
+                struct connman_wispr_portal_context *wp_context)
+ {
+-       DBG("context %p", wp_context);
+-
+-       if (!wp_context)
+-               return;
+-
+        if (wp_context->wispr_portal) {
+                if (wp_context->wispr_portal->ipv4_context == wp_context)
+                        wp_context->wispr_portal->ipv4_context = NULL;
+@@ -200,9 +199,38 @@ static void free_connman_wispr_portal_context(
+        g_free(wp_context);
+ }
+ 
+static struct connman_wispr_portal_context *
+wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context,
+                       const char *file, int line, const char *caller)
+{
+       DBG("%p ref %d by %s:%d:%s()", wp_context,
+               wp_context->refcount + 1, file, line, caller);
+
+       __sync_fetch_and_add(&wp_context->refcount, 1);
+
+       return wp_context;
+}
+
+static void wispr_portal_context_unref_debug(
+               struct connman_wispr_portal_context *wp_context,
+               const char *file, int line, const char *caller)
+{
+       if (!wp_context)
+               return;
+
+       DBG("%p ref %d by %s:%d:%s()", wp_context,
+               wp_context->refcount - 1, file, line, caller);
+
+       if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1)
+               return;
+
+       free_connman_wispr_portal_context(wp_context);
+}
+
+ static struct connman_wispr_portal_context *create_wispr_portal_context(void)
+ {
+-       return g_try_new0(struct connman_wispr_portal_context, 1);
+       return wispr_portal_context_ref(
+               g_new0(struct connman_wispr_portal_context, 1));
+ }
+ 
+ static void free_connman_wispr_portal(gpointer data)
+@@ -214,8 +242,8 @@ static void free_connman_wispr_portal(gpointer data)
+        if (!wispr_portal)
+                return;
+ 
+-       free_connman_wispr_portal_context(wispr_portal->ipv4_context);
+-       free_connman_wispr_portal_context(wispr_portal->ipv6_context);
+       wispr_portal_context_unref(wispr_portal->ipv4_context);
+       wispr_portal_context_unref(wispr_portal->ipv6_context);
+ 
+        g_free(wispr_portal);
+ }
+@@ -450,8 +478,6 @@ static void portal_manage_status(GWebResult *result,
+                                &str))
+                connman_info("Client-Timezone: %s", str);
+ 
+-       free_connman_wispr_portal_context(wp_context);
+-
+        __connman_service_ipconfig_indicate_state(service,
+                                        CONNMAN_SERVICE_STATE_ONLINE, type);
+ }
+@@ -509,14 +535,17 @@ static void wispr_portal_request_portal(
+ {
+        DBG("");
+ 
+       wispr_portal_context_ref(wp_context);
+        wp_context->request_id = g_web_request_get(wp_context->web,
+                                        wp_context->status_url,
+                                        wispr_portal_web_result,
+                                        wispr_route_request,
+                                        wp_context);
+ 
+-       if (wp_context->request_id == 0)
+       if (wp_context->request_id == 0) {
+                wispr_portal_error(wp_context);
+               wispr_portal_context_unref(wp_context);
+       }
+ }
+ 
+ static bool wispr_input(const guint8 **data, gsize *length,
+@@ -562,13 +591,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service,
+                return;
+ 
+        if (!authentication_done) {
+-               wispr_portal_error(wp_context);
+                free_wispr_routes(wp_context);
+               wispr_portal_error(wp_context);
+               wispr_portal_context_unref(wp_context);
+                return;
+        }
+ 
+        /* Restarting the test */
+        __connman_service_wispr_start(service, wp_context->type);
+       wispr_portal_context_unref(wp_context);
+ }
+ 
+ static void wispr_portal_request_wispr_login(struct connman_service *service,
+@@ -592,7 +623,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service,
+                                return;
+                }
+ 
+-               free_connman_wispr_portal_context(wp_context);
+               wispr_portal_context_unref(wp_context);
+                return;
+        }
+ 
+@@ -644,11 +675,13 @@ static bool wispr_manage_message(GWebResult *result,
+ 
+                wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN;
+ 
+               wispr_portal_context_ref(wp_context);
+                if (__connman_agent_request_login_input(wp_context->service,
+                                        wispr_portal_request_wispr_login,
+-                                       wp_context) != -EINPROGRESS)
+                                       wp_context) != -EINPROGRESS) {
+                        wispr_portal_error(wp_context);
+-               else
+                       wispr_portal_context_unref(wp_context);
+               } else
+                        return true;
+ 
+                break;
+@@ -697,6 +730,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+                if (length > 0) {
+                        g_web_parser_feed_data(wp_context->wispr_parser,
+                                                                chunk, length);
+                       wispr_portal_context_unref(wp_context);
+                        return true;
+                }
+ 
+@@ -714,6 +748,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+ 
+        switch (status) {
+        case 000:
+               wispr_portal_context_ref(wp_context);
+                __connman_agent_request_browser(wp_context->service,
+                                wispr_portal_browser_reply_cb,
+                                wp_context->status_url, wp_context);
+@@ -725,11 +760,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+                if (g_web_result_get_header(result, "X-ConnMan-Status",
+                                                &str)) {
+                        portal_manage_status(result, wp_context);
+                       wispr_portal_context_unref(wp_context);
+                        return false;
+-               } else
+               } else {
+                       wispr_portal_context_ref(wp_context);
+                        __connman_agent_request_browser(wp_context->service,
+                                        wispr_portal_browser_reply_cb,
+                                        wp_context->redirect_url, wp_context);
+               }
+ 
+                break;
+        case 302:
+@@ -737,6 +775,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+                        !g_web_result_get_header(result, "Location",
+                                                        &redirect)) {
+ 
+                       wispr_portal_context_ref(wp_context);
+                        __connman_agent_request_browser(wp_context->service,
+                                        wispr_portal_browser_reply_cb,
+                                        wp_context->status_url, wp_context);
+@@ -747,6 +786,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+ 
+                wp_context->redirect_url = g_strdup(redirect);
+ 
+               wispr_portal_context_ref(wp_context);
+                wp_context->request_id = g_web_request_get(wp_context->web,
+                                redirect, wispr_portal_web_result,
+                                wispr_route_request, wp_context);
+@@ -763,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+ 
+                break;
+        case 505:
+               wispr_portal_context_ref(wp_context);
+                __connman_agent_request_browser(wp_context->service,
+                                wispr_portal_browser_reply_cb,
+                                wp_context->status_url, wp_context);
+@@ -775,6 +816,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+        wp_context->request_id = 0;
+ done:
+        wp_context->wispr_msg.message_type = -1;
+       wispr_portal_context_unref(wp_context);
+        return false;
+ }
+ 
+@@ -809,6 +851,7 @@ static void proxy_callback(const char *proxy, void *user_data)
+                                        xml_wispr_parser_callback, wp_context);
+ 
+        wispr_portal_request_portal(wp_context);
+       wispr_portal_context_unref(wp_context);
+ }
+ 
+ static gboolean no_proxy_callback(gpointer user_data)
+@@ -903,7 +946,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context)
+ 
+                if (wp_context->token == 0) {
+                        err = -EINVAL;
+-                       free_connman_wispr_portal_context(wp_context);
+                       wispr_portal_context_unref(wp_context);
+                }
+        } else if (wp_context->timeout == 0) {
+                wp_context->timeout = g_idle_add(no_proxy_callback, wp_context);
+@@ -952,7 +995,7 @@ int __connman_wispr_start(struct connman_service *service,
+ 
+        /* If there is already an existing context, we wipe it */
+        if (wp_context)
+-               free_connman_wispr_portal_context(wp_context);
+               wispr_portal_context_unref(wp_context);
+ 
+        wp_context = create_wispr_portal_context();
+        if (!wp_context)
+-- 
+2.25.1
diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb
index 4f22c7ad49..73d7f7527e 100644
--- a/meta/recipes-connectivity/connman/connman_1.37.bb
+++ b/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -13,6 +13,7 @@ SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
            file://CVE-2022-23096-7.patch \
            file://CVE-2022-23098.patch \
            file://CVE-2022-32292.patch \
+             file://CVE-2022-32293.patch \
 "
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
author	Hitendra Prajapati <hprajapati@mvista.com>	2022-09-20 18:33:10 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +0100
commit	20087e04b32722b0b24f8da3e3bf4dce3281571e (patch)
tree	801e4bd1d86a38031abf29d817c325008116c4f5 /meta
parent	10c6b704c098cc5a5677918ec8a08468647944f5 (diff)
download	poky-20087e04b32722b0b24f8da3e3bf4dce3281571e.tar.gz

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch new file mode 100644 index 0000000000..83a013981c --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch
@@ -0,0 +1,266 @@
		1	From 358a44b1442fae0f82846e10da0708b5c4e1ce27 Mon Sep 17 00:00:00 2001
		2	From: Hitendra Prajapati <hprajapati@mvista.com>
		3	Date: Tue, 20 Sep 2022 17:58:19 +0530
		4	Subject: [PATCH] CVE-2022-32293
		5
		6	CVE: CVE-2022-32293
		7	Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a]
		8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		9	---
		10	src/wispr.c \| 83 ++++++++++++++++++++++++++++++++++++++++-------------
		11	1 file changed, 63 insertions(+), 20 deletions(-)
		12
		13	diff --git a/src/wispr.c b/src/wispr.c
		14	index 473c0e0..97e0242 100644
		15	--- a/src/wispr.c
		16	+++ b/src/wispr.c
		17	@@ -59,6 +59,7 @@ struct wispr_route {
		18	};
		19
		20	struct connman_wispr_portal_context {
		21	+ int refcount;
		22	struct connman_service *service;
		23	enum connman_ipconfig_type type;
		24	struct connman_wispr_portal *wispr_portal;
		25	@@ -96,10 +97,13 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data);
		26
		27	static GHashTable *wispr_portal_list = NULL;
		28
		29	+#define wispr_portal_context_ref(wp_context) \
		30	+ wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__)
		31	+#define wispr_portal_context_unref(wp_context) \
		32	+ wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__)
		33	+
		34	static void connman_wispr_message_init(struct connman_wispr_message *msg)
		35	{
		36	- DBG("");
		37	-
		38	msg->has_error = false;
		39	msg->current_element = NULL;
		40
		41	@@ -159,11 +163,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context)
		42	static void free_connman_wispr_portal_context(
		43	struct connman_wispr_portal_context *wp_context)
		44	{
		45	- DBG("context %p", wp_context);
		46	-
		47	- if (!wp_context)
		48	- return;
		49	-
		50	if (wp_context->wispr_portal) {
		51	if (wp_context->wispr_portal->ipv4_context == wp_context)
		52	wp_context->wispr_portal->ipv4_context = NULL;
		53	@@ -200,9 +199,38 @@ static void free_connman_wispr_portal_context(
		54	g_free(wp_context);
		55	}
		56
		57	+static struct connman_wispr_portal_context *
		58	+wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context,
		59	+ const char file, int line, const char caller)
		60	+{
		61	+ DBG("%p ref %d by %s:%d:%s()", wp_context,
		62	+ wp_context->refcount + 1, file, line, caller);
		63	+
		64	+ __sync_fetch_and_add(&wp_context->refcount, 1);
		65	+
		66	+ return wp_context;
		67	+}
		68	+
		69	+static void wispr_portal_context_unref_debug(
		70	+ struct connman_wispr_portal_context *wp_context,
		71	+ const char file, int line, const char caller)
		72	+{
		73	+ if (!wp_context)
		74	+ return;
		75	+
		76	+ DBG("%p ref %d by %s:%d:%s()", wp_context,
		77	+ wp_context->refcount - 1, file, line, caller);
		78	+
		79	+ if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1)
		80	+ return;
		81	+
		82	+ free_connman_wispr_portal_context(wp_context);
		83	+}
		84	+
		85	static struct connman_wispr_portal_context *create_wispr_portal_context(void)
		86	{
		87	- return g_try_new0(struct connman_wispr_portal_context, 1);
		88	+ return wispr_portal_context_ref(
		89	+ g_new0(struct connman_wispr_portal_context, 1));
		90	}
		91
		92	static void free_connman_wispr_portal(gpointer data)
		93	@@ -214,8 +242,8 @@ static void free_connman_wispr_portal(gpointer data)
		94	if (!wispr_portal)
		95	return;
		96
		97	- free_connman_wispr_portal_context(wispr_portal->ipv4_context);
		98	- free_connman_wispr_portal_context(wispr_portal->ipv6_context);
		99	+ wispr_portal_context_unref(wispr_portal->ipv4_context);
		100	+ wispr_portal_context_unref(wispr_portal->ipv6_context);
		101
		102	g_free(wispr_portal);
		103	}
		104	@@ -450,8 +478,6 @@ static void portal_manage_status(GWebResult *result,
		105	&str))
		106	connman_info("Client-Timezone: %s", str);
		107
		108	- free_connman_wispr_portal_context(wp_context);
		109	-
		110	__connman_service_ipconfig_indicate_state(service,
		111	CONNMAN_SERVICE_STATE_ONLINE, type);
		112	}
		113	@@ -509,14 +535,17 @@ static void wispr_portal_request_portal(
		114	{
		115	DBG("");
		116
		117	+ wispr_portal_context_ref(wp_context);
		118	wp_context->request_id = g_web_request_get(wp_context->web,
		119	wp_context->status_url,
		120	wispr_portal_web_result,
		121	wispr_route_request,
		122	wp_context);
		123
		124	- if (wp_context->request_id == 0)
		125	+ if (wp_context->request_id == 0) {
		126	wispr_portal_error(wp_context);
		127	+ wispr_portal_context_unref(wp_context);
		128	+ }
		129	}
		130
		131	static bool wispr_input(const guint8 *data, gsize length,
		132	@@ -562,13 +591,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service,
		133	return;
		134
		135	if (!authentication_done) {
		136	- wispr_portal_error(wp_context);
		137	free_wispr_routes(wp_context);
		138	+ wispr_portal_error(wp_context);
		139	+ wispr_portal_context_unref(wp_context);
		140	return;
		141	}
		142
		143	/* Restarting the test */
		144	__connman_service_wispr_start(service, wp_context->type);
		145	+ wispr_portal_context_unref(wp_context);
		146	}
		147
		148	static void wispr_portal_request_wispr_login(struct connman_service *service,
		149	@@ -592,7 +623,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service,
		150	return;
		151	}
		152
		153	- free_connman_wispr_portal_context(wp_context);
		154	+ wispr_portal_context_unref(wp_context);
		155	return;
		156	}
		157
		158	@@ -644,11 +675,13 @@ static bool wispr_manage_message(GWebResult *result,
		159
		160	wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN;
		161
		162	+ wispr_portal_context_ref(wp_context);
		163	if (__connman_agent_request_login_input(wp_context->service,
		164	wispr_portal_request_wispr_login,
		165	- wp_context) != -EINPROGRESS)
		166	+ wp_context) != -EINPROGRESS) {
		167	wispr_portal_error(wp_context);
		168	- else
		169	+ wispr_portal_context_unref(wp_context);
		170	+ } else
		171	return true;
		172
		173	break;
		174	@@ -697,6 +730,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
		175	if (length > 0) {
		176	g_web_parser_feed_data(wp_context->wispr_parser,
		177	chunk, length);
		178	+ wispr_portal_context_unref(wp_context);
		179	return true;
		180	}
		181
		182	@@ -714,6 +748,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
		183
		184	switch (status) {
		185	case 000:
		186	+ wispr_portal_context_ref(wp_context);
		187	__connman_agent_request_browser(wp_context->service,
		188	wispr_portal_browser_reply_cb,
		189	wp_context->status_url, wp_context);
		190	@@ -725,11 +760,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
		191	if (g_web_result_get_header(result, "X-ConnMan-Status",
		192	&str)) {
		193	portal_manage_status(result, wp_context);
		194	+ wispr_portal_context_unref(wp_context);
		195	return false;
		196	- } else
		197	+ } else {
		198	+ wispr_portal_context_ref(wp_context);
		199	__connman_agent_request_browser(wp_context->service,
		200	wispr_portal_browser_reply_cb,
		201	wp_context->redirect_url, wp_context);
		202	+ }
		203
		204	break;
		205	case 302:
		206	@@ -737,6 +775,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
		207	!g_web_result_get_header(result, "Location",
		208	&redirect)) {
		209
		210	+ wispr_portal_context_ref(wp_context);
		211	__connman_agent_request_browser(wp_context->service,
		212	wispr_portal_browser_reply_cb,
		213	wp_context->status_url, wp_context);
		214	@@ -747,6 +786,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
		215
		216	wp_context->redirect_url = g_strdup(redirect);
		217
		218	+ wispr_portal_context_ref(wp_context);
		219	wp_context->request_id = g_web_request_get(wp_context->web,
		220	redirect, wispr_portal_web_result,
		221	wispr_route_request, wp_context);
		222	@@ -763,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
		223
		224	break;
		225	case 505:
		226	+ wispr_portal_context_ref(wp_context);
		227	__connman_agent_request_browser(wp_context->service,
		228	wispr_portal_browser_reply_cb,
		229	wp_context->status_url, wp_context);
		230	@@ -775,6 +816,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
		231	wp_context->request_id = 0;
		232	done:
		233	wp_context->wispr_msg.message_type = -1;
		234	+ wispr_portal_context_unref(wp_context);
		235	return false;
		236	}
		237
		238	@@ -809,6 +851,7 @@ static void proxy_callback(const char proxy, void user_data)
		239	xml_wispr_parser_callback, wp_context);
		240
		241	wispr_portal_request_portal(wp_context);
		242	+ wispr_portal_context_unref(wp_context);
		243	}
		244
		245	static gboolean no_proxy_callback(gpointer user_data)
		246	@@ -903,7 +946,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context)
		247
		248	if (wp_context->token == 0) {
		249	err = -EINVAL;
		250	- free_connman_wispr_portal_context(wp_context);
		251	+ wispr_portal_context_unref(wp_context);
		252	}
		253	} else if (wp_context->timeout == 0) {
		254	wp_context->timeout = g_idle_add(no_proxy_callback, wp_context);
		255	@@ -952,7 +995,7 @@ int __connman_wispr_start(struct connman_service *service,
		256
		257	/* If there is already an existing context, we wipe it */
		258	if (wp_context)
		259	- free_connman_wispr_portal_context(wp_context);
		260	+ wispr_portal_context_unref(wp_context);
		261
		262	wp_context = create_wispr_portal_context();
		263	if (!wp_context)
		264	--
		265	2.25.1
		266


diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb index 4f22c7ad49..73d7f7527e 100644 --- a/meta/recipes-connectivity/connman/connman_1.37.bb +++ b/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -13,6 +13,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
13	file://CVE-2022-23096-7.patch \	13	file://CVE-2022-23096-7.patch \
14	file://CVE-2022-23098.patch \	14	file://CVE-2022-23098.patch \
15	file://CVE-2022-32292.patch \	15	file://CVE-2022-32292.patch \
		16	file://CVE-2022-32293.patch \
16	"	17	"
17		18
18	SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"	19	SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"