d22401d895
Using D-Bus it is possible to request an invalid SD response where "tlvs" is specified and there is an unknown key (e.g. "bar": "foo"). In this case, "tlv" is allocated and then never used nor freed. Valgrind complains as follows: 36 bytes in 1 blocks are definitely lost in loss record 20 of 74 at 0x484C214: calloc (vg_replace_malloc.c:1675) by 0x41C673: wpabuf_alloc (wpabuf.c:124) by 0x41C673: wpabuf_alloc_copy (wpabuf.c:162) by 0x54FB94: wpas_dbus_handler_p2p_service_sd_res (dbus_new_handlers_p2p.c:3016) by 0x53B9A2: msg_method_handler (dbus_new_helpers.c:356) by 0x53B9A2: message_handler (dbus_new_helpers.c:412) by 0x4EAB4B8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.13) by 0x5495DF: dispatch_data (dbus_common.c:37) by 0x5495DF: process_watch (dbus_common.c:73) by 0x5495DF: process_watch_read (dbus_common.c:89) by 0x41EE8E: eloop_sock_table_dispatch.part.0 (eloop.c:603) by 0x41FA46: eloop_sock_table_dispatch (eloop.c:597) by 0x41FA46: eloop_run (eloop.c:1233) by 0x56A3EE: wpa_supplicant_run (wpa_supplicant.c:8074) by 0x40DB06: main (main.c:393) Fix it ensuring that "tlv" is freed both in the error and non-error path of wpas_dbus_handler_p2p_service_sd_res(). Also, add a test case in test_dbus.py to verify correct behavior. Signed-off-by: Davide Caratti <davide.caratti@gmail.com> |
||
---|---|---|
.. | ||
.gitignore | ||
dbus-wpa_supplicant.conf | ||
dbus_common.c | ||
dbus_common.h | ||
dbus_common_i.h | ||
dbus_dict_helpers.c | ||
dbus_dict_helpers.h | ||
dbus_new.c | ||
dbus_new.h | ||
dbus_new_handlers.c | ||
dbus_new_handlers.h | ||
dbus_new_handlers_p2p.c | ||
dbus_new_handlers_p2p.h | ||
dbus_new_handlers_wps.c | ||
dbus_new_helpers.c | ||
dbus_new_helpers.h | ||
dbus_new_introspect.c | ||
fi.w1.wpa_supplicant1.service.in | ||
Makefile |