P2P: Check memory allocation result in a Service Discovery Response

This patch adds a check of the return value of wpabuf_dup() in a large
Service Discovery Response.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
This commit is contained in:
Masashi Honma 2012-07-02 20:53:46 +03:00 committed by Jouni Malinen
parent 0cb87fdeb5
commit 8f4636e41c

View file

@ -364,9 +364,14 @@ void p2p_sd_response(struct p2p_data *p2p, int freq, const u8 *dst,
"previous SD response"); "previous SD response");
wpabuf_free(p2p->sd_resp); wpabuf_free(p2p->sd_resp);
} }
p2p->sd_resp = wpabuf_dup(resp_tlvs);
if (p2p->sd_resp == NULL) {
wpa_msg(p2p->cfg->msg_ctx, MSG_ERROR, "P2P: Failed to "
"allocate SD response fragmentation area");
return;
}
os_memcpy(p2p->sd_resp_addr, dst, ETH_ALEN); os_memcpy(p2p->sd_resp_addr, dst, ETH_ALEN);
p2p->sd_resp_dialog_token = dialog_token; p2p->sd_resp_dialog_token = dialog_token;
p2p->sd_resp = wpabuf_dup(resp_tlvs);
p2p->sd_resp_pos = 0; p2p->sd_resp_pos = 0;
p2p->sd_frag_id = 0; p2p->sd_frag_id = 0;
resp = p2p_build_sd_response(dialog_token, WLAN_STATUS_SUCCESS, resp = p2p_build_sd_response(dialog_token, WLAN_STATUS_SUCCESS,