From faa9f2cf95c64c92e7a97667db7ca2f236884f22 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 15 Jul 2011 14:03:41 +0300
Subject: [PATCH] P2P: Fix D-Bus error path (potential NULL pointer deref)
The paths pointer could have been NULL when going through the shared freeing path in error case. Avoid the NULL pointer dereference by checking whether that is the case. In addition, remove unnecessary gotos to make the function more readable.
---
 wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
index 55482b476..6fae4995b 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
@@ -1577,14 +1577,14 @@ DBusMessage *wpas_dbus_getter_p2p_group_members(DBusMessage * message,
 /* Ensure we are a GO */
 if (wpa_s->wpa_state != WPA_COMPLETED)
- goto out;
+ return NULL;
 ssid = wpa_s->conf->ssid;
 /* At present WPAS P2P_GO mode only applicable for p2p_go */
 if (ssid->mode != WPAS_MODE_P2P_GO && ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GROUP_FORMATION)
- goto out;
+ return NULL;
 num_members = p2p_get_group_num_members(wpa_s->p2p_group);
@@ -1608,15 +1608,19 @@ DBusMessage *wpas_dbus_getter_p2p_group_members(DBusMessage * message,
 DBUS_TYPE_OBJECT_PATH, paths, num_members);
-out_free:
 for (i = 0; i < num_members; i++)
 os_free(paths[i]);
 os_free(paths);
-out:
 return reply;
+
 out_of_memory:
 reply = dbus_message_new_error(message, DBUS_ERROR_NO_MEMORY, NULL);
- goto out_free;
+ if (paths) {
+ for (i = 0; i < num_members; i++)
+ os_free(paths[i]);
+ os_free(paths);
+ }
+ return reply;
 }
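Review bot: `ssid = wpa_s->conf->ssid;` is dereferenced by the mode test on the following lines without a NULL check, in a commit whose purpose is to remove a NULL dereference from this same getter. conf->ssid looks like the head of the configured-network list rather than the network currently in use, so the test may also be reading the mode of the wrong entry; whether it can be NULL while wpa_state is WPA_COMPLETED cannot be seen from the hunk. This handler is presumably reachable by any D-Bus client permitted to read the property, and a crash here would take the supplicant down, so I would add `if (ssid == NULL) return NULL;` ahead of the mode test, or read the mode from `wpa_s->current_ssid` if that is the intended network. The function starts above the hunk and continues below it.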
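Review bot: The new cleanup under `out_of_memory` calls `os_free(paths[i])` for every index below num_members, which is only safe if the array was zero-filled when it was allocated. The allocation and the fill loop are outside the hunk, so this should be confirmed: if the array comes from a non-zeroing allocator, a failure part-way through filling it would free uninitialised pointers. I would record the assumption at the label with a comment such as `/* paths is zero-allocated, so slots not yet filled are NULL and safe to free */`. As a matter of style, the free loop now exists in two copies that must be kept in step; a small static helper taking `paths` and `num_members` would remove that risk.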