author | Jaehyun Kim <jeik01.kim@samsung.com> | 2024-09-24 17:19:37 +0900 |
---|---|---|
committer | Jaehyun Kim <jeik01.kim@samsung.com> | 2024-09-24 17:19:37 +0900 |
commit | e1a2332132957a7735a6aaf0f79c002d5c81618e (patch) | |
tree | 3a6b51f1bfa320423dba0654aea9980cff22b3fa | |
parent | a0b0be426a4da4fc0ebfe3672b0df92aa901a1db (diff) | |
Fix dereference after free in wifi band selectionaccepted/tizen/unified/x/asan/20241014.000635accepted/tizen/unified/x/20240925.015954accepted/tizen/unified/toolchain/20241004.102229accepted/tizen/unified/20240925.010014
Change-Id: I12475b502523ce860ede27eb00fff4c9e6c801d6
Signed-off-by: Jaehyun Kim <jeik01.kim@samsung.com>
-rwxr-xr-x | gsupplicant/supplicant.c | 52 |
1 files changed, 28 insertions, 24 deletions
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index 8225637f..1852c45f 100755
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -6656,29 +6656,21 @@ static bool set_band_freqs_5ghz(GSupplicantScanParams *scan_data)
 return true;
 }
-static void set_band_freqs(GSupplicantScanParams **scan_data)
+static void set_band_freqs(GSupplicantScanParams *scan_data)
 {
- GSupplicantScanParams *scan_data_local = NULL;
-
- if (*scan_data && ((*scan_data)->num_ssids != 0 || (*scan_data)->num_freqs != 0))
- return;
-
- scan_data_local = g_try_malloc0(sizeof(GSupplicantScanParams));
- if (!scan_data_local) {
- SUPPLICANT_DBG("Failed to allocate memory.");
+ if (!scan_data || scan_data->num_ssids != 0 || scan_data->num_freqs != 0)
 return;
- }
 switch (wifi_band_selection_method) {
 case WIFI_BAND_SELECTION_2_4GHZ:
- if (!set_band_freqs_2_4ghz(scan_data_local)) {
- g_free(scan_data_local);
+ if (!set_band_freqs_2_4ghz(scan_data)) {
+ g_free(scan_data);
 return;
 }
 break;
 case WIFI_BAND_SELECTION_5GHZ:
- if (!set_band_freqs_5ghz(scan_data_local)) {
- g_free(scan_data_local);
+ if (!set_band_freqs_5ghz(scan_data)) {
+ g_free(scan_data);
 return;
 }
 break;
@@ -6686,14 +6678,8 @@ static void set_band_freqs(GSupplicantScanParams **scan_data)
 /* Currently not supported */
 /* fall through */
 default:
- g_free(scan_data_local);
- return;
+ break;
 }
-
- if (*scan_data)
- g_supplicant_free_scan_params(*scan_data);
-
- *scan_data = scan_data_local;
 }
 #endif
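Review bot: The two failure branches of the new `set_band_freqs` still call `g_free(scan_data)`, but `scan_data` is now the caller's pointer rather than a local allocation. The caller in `g_supplicant_interface_scan` then passes the freed block to `print_scan_freqs` and stores it in `data->scan_params`. That reintroduces the dereference-after-free this commit sets out to remove, and probably a double free when the params are released later. Ownership should stay with the caller: in both the 2.4 GHz and 5 GHz cases replace `g_free(scan_data); return;` with a plain `return;`, or return `bool` so the caller can decide what to release. What the `set_band_freqs_2_4ghz` and `set_band_freqs_5ghz` helpers leave in the struct on failure is not visible here, so confirm it is left in a releasable state.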
@@ -6718,13 +6704,28 @@ int g_supplicant_interface_scan(GSupplicantInterface *interface,
 #if defined TIZEN_EXT
 data->interface->scan_callback = data->callback = callback;
 data->interface->scan_data = data->user_data = user_data;
- set_band_freqs(&scan_data);
- print_scan_freqs(scan_data);
+
+ GSupplicantScanParams *scan_data_local = NULL;
+
+ if (scan_data) {
+ set_band_freqs(scan_data);
+ print_scan_freqs(scan_data);
+ data->scan_params = scan_data;
+ } else {
+ scan_data_local = g_try_malloc0(sizeof(GSupplicantScanParams));
+ if (!scan_data_local) {
+ SUPPLICANT_DBG("Failed to allocate memory.");
+ } else {
+ set_band_freqs(scan_data_local);
+ print_scan_freqs(scan_data_local);
+ data->scan_params = scan_data_local;
+ }
+ }
 #else
 data->callback = callback;
 data->user_data = user_data;
-#endif
 data->scan_params = scan_data;
+#endif
 interface->scan_callback = callback;
 interface->scan_data = user_data;
@@ -6735,6 +6736,9 @@ int g_supplicant_interface_scan(GSupplicantInterface *interface,
 interface);
 if (ret < 0) {
+#if defined TIZEN_EXT
+ g_free(scan_data_local);
+#endif
 g_free(data->path);
 dbus_free(data);
 } |
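Review bot: When `g_try_malloc0` fails in the `else` branch, the code only logs and falls through, so `data->scan_params` is never assigned under `TIZEN_EXT`; the old code always set it. The allocation of `data` is outside this hunk, so if it is not zero-initialised there, later readers of `data->scan_params` would see an indeterminate pointer. An explicit `data->scan_params = NULL;` before `if (scan_data) {` would make that path well defined. The body of `g_supplicant_interface_scan` starts and ends outside the hunk.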
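Review bot: The `ret < 0` path releases `scan_data_local` with a bare `g_free`, which frees only the struct itself. If `set_band_freqs` filled in a frequency array inside it (the helpers are not visible here), that member leaks whenever the D-Bus call fails. The removed code released this struct type with `g_supplicant_free_scan_params`, so the error path probably wants `if (scan_data_local) g_supplicant_free_scan_params(scan_data_local);` instead. `data` is freed immediately afterwards, so the stale `data->scan_params` is not itself a problem on this path.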