P2P NFC: Fix use of freed memory

The dev_found() callback from NFC connection handover message processing
ended up using the p2p_dev_addr pointer that points to the parsed
message. However, that parsed data was freed just before the call. Fix
this by reordering the calls.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2014-05-31 23:10:33 +03:00
parent df48efc5ab
commit 8a387a269d


@ -4638,10 +4638,9 @@ int p2p_process_nfc_connection_handover(struct p2p_data *p2p,
params->go_ssid_len); params->go_ssid_len);
} }
p2p_parse_free(&msg);
if (dev->flags & P2P_DEV_USER_REJECTED) { if (dev->flags & P2P_DEV_USER_REJECTED) {
p2p_dbg(p2p, "Do not report rejected device"); p2p_dbg(p2p, "Do not report rejected device");
p2p_parse_free(&msg);
return 0; return 0;
} }
@ -4650,6 +4649,7 @@ int p2p_process_nfc_connection_handover(struct p2p_data *p2p,
!(dev->flags & P2P_DEV_REPORTED_ONCE)); !(dev->flags & P2P_DEV_REPORTED_ONCE));
dev->flags |= P2P_DEV_REPORTED | P2P_DEV_REPORTED_ONCE; dev->flags |= P2P_DEV_REPORTED | P2P_DEV_REPORTED_ONCE;
} }
p2p_parse_free(&msg);
if (role == P2P_GO_IN_A_GROUP && p2p->num_groups > 0) if (role == P2P_GO_IN_A_GROUP && p2p->num_groups > 0)
params->next_step = BOTH_GO; params->next_step = BOTH_GO;