dbus: Make sure ServiceDiscoveryRequest/Result does not override pointers

Explicitly free the previously allocated copy if the ServiceDiscoveryRequest
or ServiceDiscoveryResponse parsing loop finds multiple instances of
the same dict entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2024-07-11 18:35:28 +03:00
parent d22401d895
commit 9f0429c9e1


@ -2925,6 +2925,7 @@ DBusMessage * wpas_dbus_handler_p2p_service_sd_req(
if (entry.type != DBUS_TYPE_ARRAY || if (entry.type != DBUS_TYPE_ARRAY ||
entry.array_type != DBUS_TYPE_BYTE) entry.array_type != DBUS_TYPE_BYTE)
goto error_clear; goto error_clear;
wpabuf_free(tlv);
tlv = wpabuf_alloc_copy(entry.bytearray_value, tlv = wpabuf_alloc_copy(entry.bytearray_value,
entry.array_len); entry.array_len);
} else } else
@ -3011,6 +3012,7 @@ DBusMessage * wpas_dbus_handler_p2p_service_sd_res(
if (entry.type != DBUS_TYPE_ARRAY || if (entry.type != DBUS_TYPE_ARRAY ||
entry.array_type != DBUS_TYPE_BYTE) entry.array_type != DBUS_TYPE_BYTE)
goto error_clear; goto error_clear;
wpabuf_free(tlv);
tlv = wpabuf_alloc_copy(entry.bytearray_value, tlv = wpabuf_alloc_copy(entry.bytearray_value,
entry.array_len); entry.array_len);
} else } else
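Review bot: The result of `wpabuf_alloc_copy()` is not checked where it is assigned, in both the `wpas_dbus_handler_p2p_service_sd_req` and `wpas_dbus_handler_p2p_service_sd_res` hunks. Now that the earlier copy is freed first, a failed allocation on a repeated entry leaves `tlv` NULL, and the loop continues with the remaining caller-supplied dict entries. If nothing after the loop rejects a NULL `tlv` (that code is outside the hunks), add `if (!tlv) goto error_clear;` right after the assignment. The added `wpabuf_free(tlv);` also depends on `tlv` being initialised to NULL before the loop, which is not visible here. A one-line comment above it would record the intent, e.g. `/* a repeated dict entry must not leak the previous copy */`. Both function bodies start and end outside the hunks shown.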