From ceb4cd89c9709217d52a493d483d3d76ef3cbd44 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 12 Jun 2014 17:26:58 +0300 Subject: [PATCH] dbus: Fix a potential double-free in on error path (CID 62880) It would have been at least theoretically possible to hit the first error in the loop and end up jumping to error handling which would call os_free(value) without the value having been cleared after the os_free() call at the end of the previous loop iteration. Signed-off-by: Jouni Malinen --- wpa_supplicant/dbus/dbus_new_handlers.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index 6e1eedb12..27190c6f0 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -271,6 +271,7 @@ dbus_bool_t set_network_properties(struct wpa_supplicant *wpa_s, wpa_config_update_prio_list(wpa_s->conf); os_free(value); + value = NULL; wpa_dbus_dict_entry_clear(&entry); }