On Thu, May 30, 2024 at 10:46:34AM +0200, Davide Caratti wrote:
> Using D-Bus, it is possible to add a valid UPnP service where 'query' and
> 'response' are specified. In this case, memory for 'query' and 'response'
> is allocated but not used nor freed. Valgrind complains as follows:
..
> Fix this ensuring that query and resp are freed both in the error and
> non-error path of wpas_dbus_handler_p2p_add_service(). Also, add a
> test in test_dbus.py to verify the correct behavior.

> diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c > @@ -6751,11 +6751,12 @@ static int p2p_ctrl_service_add_bonjour(struct wpa_supplicant *wpa_s, > return -1; > } > > - if (wpas_p2p_service_add_bonjour(wpa_s, query, resp) < 0) { > - wpabuf_free(query); > - wpabuf_free(resp); > + if (wpas_p2p_service_add_bonjour(wpa_s, query, resp) < 0) > return -1; > - } > + > + wpabuf_free(query); > + wpabuf_free(resp);

Wouldn't this add a new memory leak for the control interface in case
wpas_p2p_service_add_bonjour() returns -1? Only the dbus-specific case
would free those in error case..

--
Jouni Malinen PGP id EFC895FA
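Review bot: In p2p_ctrl_service_add_bonjour(), the rewritten error branch `if (wpas_p2p_service_add_bonjour(wpa_s, query, resp) < 0) return -1;` drops the two wpabuf_free() calls that the removed lines performed, so a failing call now returns with query and resp still allocated. The new wpabuf_free(query) and wpabuf_free(resp) after the call also run on the success path, where the old code freed nothing; if the callee keeps the buffers on success, as the old code's behaviour suggests, these frees would release memory that is still referenced. Keep the frees inside the error branch here and limit the change to the D-Bus handler named in the commit message, or state in a comment which side owns query and resp after a successful call.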