From e1251645d38d5b1b90350957f0e8b66e0fb59235 Mon Sep 17 00:00:00 2001
From: Tero Heinonen <tero.heinonen@arm.com>
Date: Thu, 2 Feb 2017 09:11:08 +0200
Subject: [PATCH] Check secure session pointer in timer callback (#61)

When timer callback is called, void pointer is given as a parameter, and
it is then typecasted to secure session pointer. Added check is that
session still valid before using it.
---
 source/coap_connection_handler.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/source/coap_connection_handler.c b/source/coap_connection_handler.c
index eb874ff5910b..b04e127d51cd 100644
--- a/source/coap_connection_handler.c
+++ b/source/coap_connection_handler.c
@@ -97,6 +97,17 @@ static secure_session_t *secure_session_find_by_timer_id(int8_t timer_id)
     return this;
 }
 
+static bool is_secure_session_valid(secure_session_t *session)
+{
+    secure_session_t *this = NULL;
+    ns_list_foreach(secure_session_t, cur_ptr, &secure_session_list) {
+        if (cur_ptr == session) {
+            return true;
+        }
+    }
+    return false;
+}
+
 static void secure_session_delete(secure_session_t *this)
 {
     if (this) {
@@ -402,7 +413,8 @@ static int secure_session_recvfrom(int8_t socket_id, unsigned char *buf, size_t
 static void timer_cb(void *param)
 {
     secure_session_t *sec = param;
-    if( sec ){
+
+    if( sec && is_secure_session_valid(sec)){
         if(sec->timer.fin_ms > sec->timer.int_ms){
             /* Intermediate expiry */
             sec->timer.fin_ms -= sec->timer.int_ms;