From 9c4694ce7ca3cd4bffe9c4b0097e7e254fb3bb75 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 31 Dec 2014 00:36:19 +0200 Subject: [PATCH] D-Bus: Fix memory leaks on AddService/DeleteService error paths The query and service parameters need to be freed on all paths to avoid memory leaks in error cases. Signed-off-by: Jouni Malinen --- wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c index 286509b68..1a17e6583 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c +++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c @@ -2361,6 +2361,7 @@ DBusMessage * wpas_dbus_handler_p2p_add_service(DBusMessage *message, version = entry.uint32_value; } else if (!os_strcmp(entry.key, "service") && (entry.type == DBUS_TYPE_STRING)) { + os_free(service); service = os_strdup(entry.str_value); } else if (!os_strcmp(entry.key, "query")) { if ((entry.type != DBUS_TYPE_ARRAY) || @@ -2386,8 +2387,6 @@ DBusMessage * wpas_dbus_handler_p2p_add_service(DBusMessage *message, if (wpas_p2p_service_add_upnp(wpa_s, version, service) != 0) goto error; - os_free(service); - service = NULL; } else if (bonjour == 1) { if (query == NULL || resp == NULL) goto error; @@ -2399,6 +2398,7 @@ DBusMessage * wpas_dbus_handler_p2p_add_service(DBusMessage *message, } else goto error; + os_free(service); return reply; error_clear: wpa_dbus_dict_entry_clear(&entry); @@ -2452,9 +2452,10 @@ DBusMessage * wpas_dbus_handler_p2p_delete_service( entry.type == DBUS_TYPE_INT32) version = entry.uint32_value; else if (!os_strcmp(entry.key, "service") && - entry.type == DBUS_TYPE_STRING) + entry.type == DBUS_TYPE_STRING) { + os_free(service); service = os_strdup(entry.str_value); - else + } else goto error_clear; wpa_dbus_dict_entry_clear(&entry); 
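Review bot: The `os_free(service);` added before `service = os_strdup(entry.str_value);` closes the repeated-key leak for "service" only; the "query" branch that starts on the next context line of this hunk gets no matching free in this patch. The DeleteService handler, by contrast, does gain `wpabuf_free(query);` ahead of its `wpabuf_alloc_copy()` in the @@ -2476 hunk. The rest of the AddService query/response parsing lies outside the hunk, so this is inferred: if those branches assign without freeing first, a D-Bus caller that repeats the key within one dictionary still leaks one buffer per repeat. I would add `wpabuf_free(query);` before the assignment there, and the same for `resp` if it is parsed the same way.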
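Review bot: The success exit added in the @@ -2399 hunk frees `service` but not `query` or `resp`, unlike the DeleteService exit in the last hunk, which frees both of its buffers. The bonjour add call sits between this hunk and the previous one and is not shown, so presumably it takes ownership of the two buffers on success. That is worth a one-line comment above `return reply;`, for example `/* query and resp are owned by the service list once the bonjour add succeeds */`, so the asymmetry is not later mistaken for a leak and turned into a double free. The `error:` label of this function is also outside the hunk, so whether it releases all three buffers cannot be confirmed from here.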
@@ -2464,7 +2465,6 @@ DBusMessage * wpas_dbus_handler_p2p_delete_service( goto error; ret = wpas_p2p_service_del_upnp(wpa_s, version, service); - os_free(service); if (ret != 0) goto error; } else if (bonjour == 1) { @@ -2476,6 +2476,7 @@ DBusMessage * wpas_dbus_handler_p2p_delete_service( if ((entry.type != DBUS_TYPE_ARRAY) || (entry.array_type != DBUS_TYPE_BYTE)) goto error_clear; + wpabuf_free(query); query = wpabuf_alloc_copy( entry.bytearray_value, entry.array_len); @@ -2491,14 +2492,17 @@ DBusMessage * wpas_dbus_handler_p2p_delete_service( ret = wpas_p2p_service_del_bonjour(wpa_s, query); if (ret != 0) goto error; - wpabuf_free(query); } else goto error; + wpabuf_free(query); + os_free(service); return reply; error_clear: wpa_dbus_dict_entry_clear(&entry); error: + wpabuf_free(query); + os_free(service); return wpas_dbus_error_invalid_args(message, NULL); }
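Review bot: Both exits of the DeleteService handler in the @@ -2491 hunk now run `wpabuf_free(query); os_free(service);` unconditionally, including on the upnp path where `query` is never allocated and the bonjour path where `service` may be unset. The code therefore relies on both helpers accepting NULL and on the two variables being initialised to NULL at their declarations, which are outside the hunk. A short comment at `error:` such as `/* query/service may be NULL here; both free helpers accept NULL */` would record that assumption. The same two calls are now duplicated on the success and error exits, so any buffer added to this handler later has to be released in both places.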