DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Fix memory leaks and wrong memory access

Browse source 
1. In wpa_config_process_bgscan() fix memory leak after
   calling wpa_config_parse_string()
2. In hostapd_config_defaults(), on failure to allocate bss->radius,
   conf->bss was not freed.
3. In p2p_deauth_nofif(), memory allocated in p2p_parse_ies() was not
   freed in case of NULL minor_reason_code.
4. In p2p_disassoc_nofif(), memory allocated in p2p_parse_ies() was
   not freed in case of NULL minor_reason_code.
5. In p2p_process_go_neg_conf(), memory allocated was not freed in
   case that the P2P Device interface was not waiting for a
   GO Negotiation Confirm.
6. In wpa_set_pkcs11_engine_and_module_path(), the wrong pointer was
   checked.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
This commit is contained in:
Eytan Lifshitz 2014-01-28 09:32:35 +02:00 committed by Jouni Malinen
parent fd67275b85
commit 04c366cb1d
5 changed files with 13 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/ap/ap_config.c
View file

@ -140,6 +140,7 @@ struct hostapd_config * hostapd_config_defaults(void)
bss->radius = os_zalloc(sizeof(*bss->radius));
if (bss->radius == NULL) {
os_free(conf->bss);
os_free(conf);
os_free(bss);
return NULL;

8
src/p2p/p2p.c
View file

@ -3862,8 +3862,10 @@ void p2p_deauth_notif(struct p2p_data *p2p, const u8 *bssid, u16 reason_code,
os_memset(&msg, 0, sizeof(msg));
if (p2p_parse_ies(ie, ie_len, &msg))
return;
if (msg.minor_reason_code == NULL)
if (msg.minor_reason_code == NULL) {
p2p_parse_free(&msg);
return;
}
p2p_dbg(p2p, "Deauthentication notification BSSID " MACSTR
" reason_code=%u minor_reason_code=%u",
@ -3884,8 +3886,10 @@ void p2p_disassoc_notif(struct p2p_data *p2p, const u8 *bssid, u16 reason_code,
os_memset(&msg, 0, sizeof(msg));
if (p2p_parse_ies(ie, ie_len, &msg))
return;
if (msg.minor_reason_code == NULL)
if (msg.minor_reason_code == NULL) {
p2p_parse_free(&msg);
return;
}
p2p_dbg(p2p, "Disassociation notification BSSID " MACSTR
" reason_code=%u minor_reason_code=%u",

1
src/p2p/p2p_go_neg.c
View file

@ -1136,6 +1136,7 @@ void p2p_process_go_neg_conf(struct p2p_data *p2p, const u8 *sa,
if (!(dev->flags & P2P_DEV_WAIT_GO_NEG_CONFIRM)) {
p2p_dbg(p2p, "Was not expecting GO Negotiation Confirm - ignore");
p2p_parse_free(&msg);
return;
}
dev->flags &= ~P2P_DEV_WAIT_GO_NEG_CONFIRM;