From 683868f3d2fd7218bc5a0c4873db10c3b8d92bf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marin=20Jurjevi=C4=87?= <marin.jurjevic@hotmail.com>
Date: Fri, 18 Mar 2022 13:35:36 +0100
Subject: [PATCH] net: lwm2m: fix potential invalid pointer dereference in
 reset message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sometimes message is being reset from multiple locations in code.
If message has already been reset, pointer to context is invalid.

Signed-off-by: Marin Jurjević <marin.jurjevic@hotmail.com>
---
 subsys/net/lib/lwm2m/lwm2m_engine.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/subsys/net/lib/lwm2m/lwm2m_engine.c b/subsys/net/lib/lwm2m/lwm2m_engine.c
index 74fcee0d0a8..924ba3dcf83 100644
--- a/subsys/net/lib/lwm2m/lwm2m_engine.c
+++ b/subsys/net/lib/lwm2m/lwm2m_engine.c
@@ -1333,7 +1333,9 @@ void lwm2m_reset_message(struct lwm2m_message *msg, bool release)
 		coap_reply_clear(msg->reply);
 	}
 
-	sys_slist_find_and_remove(&msg->ctx->pending_sends, &msg->node);
+	if (msg->ctx) {
+		sys_slist_find_and_remove(&msg->ctx->pending_sends, &msg->node);
+	}
 
 	if (release) {
 		(void)memset(msg, 0, sizeof(*msg));