From 11f07f027a7b91c06b87b4fe85432dae0c648486 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 25 Nov 2018 13:51:26 +0200
Subject: [PATCH] DPP: Fix error path handling for GAS Comeback Response building

A local memory allocation failuring during GAS Comeback Response frame generation could result in freeing the response context without removing it from the list. This would result in dereferencing freed memory when processing the next comeback request.

Signed-off-by: Jouni Malinen
---
 src/common/gas_server.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/common/gas_server.c b/src/common/gas_server.c
index 492ee0041..ca46758ce 100644
--- a/src/common/gas_server.c
+++ b/src/common/gas_server.c
@@ -260,6 +260,7 @@ gas_server_handle_rx_comeback_req(struct gas_server_response *response)
 handler->adv_proto_id_len +
 resp_frag_len);
 if (!resp) {
+ dl_list_del(&response->list);
 gas_server_free_response(response);
 return;
 }
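Review bot: The unlink-then-free pairing added in the `if (!resp)` branch is an ownership rule that nothing in the visible code records, so a later error path added to this function could reintroduce the same dangling list entry. A short comment above the new line, such as `/* Unlink first: the response list must never hold a pointer to a freed entry */`, would make the rule explicit. The other callers of `gas_server_free_response()` lie outside this hunk and should be checked for the same pairing; if every caller frees an entry that is linked, doing the `dl_list_del()` inside the helper would remove the hazard, though that cannot be confirmed from here. The body of `gas_server_handle_rx_comeback_req()` begins and ends outside the hunk.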