hostapd/wpa_supplicant/dbus
Davide Caratti d22401d895 dbus: Fix memory leak in case dbus provides 'tlvs' in invalid P2P SD response
Using D-Bus it is possible to request an invalid SD response where
"tlvs" is specified and there is an unknown key (e.g. "bar": "foo"). In
this case, "tlv" is allocated and then never used nor freed. Valgrind
complains as follows:

 36 bytes in 1 blocks are definitely lost in loss record 20 of 74
    at 0x484C214: calloc (vg_replace_malloc.c:1675)
    by 0x41C673: wpabuf_alloc (wpabuf.c:124)
    by 0x41C673: wpabuf_alloc_copy (wpabuf.c:162)
    by 0x54FB94: wpas_dbus_handler_p2p_service_sd_res (dbus_new_handlers_p2p.c:3016)
    by 0x53B9A2: msg_method_handler (dbus_new_helpers.c:356)
    by 0x53B9A2: message_handler (dbus_new_helpers.c:412)
    by 0x4EAB4B8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.13)
    by 0x5495DF: dispatch_data (dbus_common.c:37)
    by 0x5495DF: process_watch (dbus_common.c:73)
    by 0x5495DF: process_watch_read (dbus_common.c:89)
    by 0x41EE8E: eloop_sock_table_dispatch.part.0 (eloop.c:603)
    by 0x41FA46: eloop_sock_table_dispatch (eloop.c:597)
    by 0x41FA46: eloop_run (eloop.c:1233)
    by 0x56A3EE: wpa_supplicant_run (wpa_supplicant.c:8074)
    by 0x40DB06: main (main.c:393)

Fix it by ensuring that "tlv" is freed both in the error and non-error path
of wpas_dbus_handler_p2p_service_sd_res(). Also, add a test case in
test_dbus.py to verify correct behavior.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2024-07-11 18:39:39 +03:00
.gitignore dbus: Clean dbus build files on wpa_supplicant 'make clean' 2009-12-20 20:29:09 +02:00
dbus-wpa_supplicant.conf wpa_supplicant: Drop the old D-Bus interface support 2019-03-09 18:33:26 +02:00
dbus_common.c dbus: Check eloop registration failure in add_watch handler 2020-11-04 19:39:08 +02:00
dbus_common.h Update license notification in D-Bus interface files 2012-07-02 12:04:38 +03:00
dbus_common_i.h dbus: Expose interface globals via D-Bus properties 2015-10-28 23:41:32 +02:00
dbus_dict_helpers.c DBus: Add dict helper for uint16 arrays 2024-03-09 17:05:29 +02:00
dbus_dict_helpers.h DBus: Add dict helper for uint16 arrays 2024-03-09 17:05:29 +02:00
dbus_new.c dbus: Use correct values for persistent group 2024-04-21 11:55:53 +03:00
dbus_new.h DBus: Add ANQP fields to BSS properties 2024-03-09 17:59:22 +02:00
dbus_new_handlers.c DBus: Add ANQP fields to BSS properties 2024-03-09 17:59:22 +02:00
dbus_new_handlers.h DBus: Add ANQP fields to BSS properties 2024-03-09 17:59:22 +02:00
dbus_new_handlers_p2p.c dbus: Fix memory leak in case dbus provides 'tlvs' in invalid P2P SD response 2024-07-11 18:39:39 +03:00
dbus_new_handlers_p2p.h dbus: Add vendor specific information element in peer properties 2019-01-02 13:00:57 +02:00
dbus_new_handlers_wps.c wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS 2019-02-18 22:35:41 +02:00
dbus_new_helpers.c dbus: Avoid memory leak on error when signaling PropertiesChanged 2024-01-22 21:16:47 +02:00
dbus_new_helpers.h dbus: Emit more information over D-Bus 2022-12-03 10:59:44 +02:00
dbus_new_introspect.c dbus: Increase XML buffer size for an interface introspection data 2023-11-25 11:13:42 +02:00
fi.w1.wpa_supplicant1.service.in wpa_supplicant: Edit BINDIR in dbus and systemd service files 2011-07-15 12:25:02 +03:00
Makefile wpa_supplicant: Drop the old D-Bus interface support 2019-03-09 18:33:26 +02:00