From 2c604fbd7582216ee2dd948a6bb64651128f1ef3 Mon Sep 17 00:00:00 2001
From: re2zero <yangwu@uniontech.com>
Date: Thu, 28 May 2026 17:57:39 +0800
Subject: [PATCH] fix(dtls): remove duplicate DEL_PEER in handle_alert()

handle_alert() calls DEL_PEER() to remove the peer from the hash
table, then calls dtls_destroy_peer() which calls DEL_PEER() again.
This double removal corrupts the uthash hash table and can lead
to crashes or undefined behavior.

Remove the DEL_PEER() call from handle_alert() since
dtls_destroy_peer() already handles peer cleanup including
removal from the hash table.

Fixes #269
---
 dtls.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/dtls.c b/dtls.c
index 533480c..3cd63c9 100644
--- a/dtls.c
+++ b/dtls.c
@@ -4502,10 +4502,9 @@ handle_alert(dtls_context_t *ctx, dtls_peer_t *peer,
   dtls_info("** Alert: level %d, description %d\n", data[0], data[1]);
 
   /* The peer object is invalidated for FATAL alerts and close
-   * notifies. This is done in two steps.: First, remove the object
-   * from our list of peers. After that, the event handler callback is
-   * invoked with the still existing peer object. Finally, the storage
-   * used by peer is released.
+   * notifies. The event handler callback is invoked with the peer
+   * object, then dtls_destroy_peer() removes the peer from the
+   * hash table and releases the storage.
    */
   close_notify = data[1] == DTLS_ALERT_CLOSE_NOTIFY;
   if (data[0] == DTLS_ALERT_LEVEL_FATAL || close_notify) {
@@ -4514,8 +4513,6 @@ handle_alert(dtls_context_t *ctx, dtls_peer_t *peer,
     else
       dtls_alert("%d invalidate peer\n", data[1]);
 
-    DEL_PEER(ctx->peers, peer);
-
 #ifdef WITH_CONTIKI
 #ifndef NDEBUG
     PRINTF("removed peer [");