[Bluez V2 13/13] Fixing use_after_free in prov-db.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Gopal Tiwari <gtiwari@xxxxxxxxxx>

Following scenario happens when prov is false and we have double free as
mentioned in the below

bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees 
"in_str".

bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free"
frees pointer "in_str" which has already been freed.

Signed-off-by: Gopal Tiwari <gtiwari@xxxxxxxxxx>
---
 tools/mesh-gatt/prov-db.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/mesh-gatt/prov-db.c b/tools/mesh-gatt/prov-db.c
index 2fb08f799..a5b6997e0 100644
--- a/tools/mesh-gatt/prov-db.c
+++ b/tools/mesh-gatt/prov-db.c
@@ -859,7 +859,8 @@ bool prov_db_local_set_iv_index(uint32_t iv_index, bool update, bool prov)
 
 		set_local_iv_index(jmain, iv_index, update);
 		prov_file_write(jmain, false);
-	}
+	} else
+		return true;
 
 	res = true;
 done:
-- 
2.26.2




[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux