[PATCH 4/5] P2P: Fix possible memory leak in p2p_process_nfc_connection_handover()

Ilan Peer ilan.peer at intel.com
Wed Jun 17 09:16:35 EDT 2015


From: Ben Rosenfeld <ben.rosenfeld at intel.com>

p2p_process_nfc_connection_handover() allocates msg memory and might return before
memory is released.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld at intel.com>
---
 src/p2p/p2p.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index d96723f..bb05583 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -5275,6 +5275,7 @@ int p2p_process_nfc_connection_handover(struct p2p_data *p2p,
 
 	if (!msg.oob_go_neg_channel) {
 		p2p_dbg(p2p, "OOB GO Negotiation Channel attribute not included");
+		p2p_parse_free(&msg);
 		return -1;
 	}
 
@@ -5286,6 +5287,7 @@ int p2p_process_nfc_connection_handover(struct p2p_data *p2p,
 					   msg.oob_go_neg_channel[4]);
 	if (freq < 0) {
 		p2p_dbg(p2p, "Unknown peer OOB GO Neg channel");
+		p2p_parse_free(&msg);
 		return -1;
 	}
 	role = msg.oob_go_neg_channel[5];
@@ -5306,6 +5308,7 @@ int p2p_process_nfc_connection_handover(struct p2p_data *p2p,
 					   p2p->cfg->channel);
 		if (freq < 0) {
 			p2p_dbg(p2p, "Own listen channel not known");
+			p2p_parse_free(&msg);
 			return -1;
 		}
 		p2p_dbg(p2p, "Use own Listen channel as OOB GO Neg channel: %u MHz", freq);
-- 
1.9.1



More information about the HostAP mailing list