diff options
| author | Jaehyun Kim <jeik01.kim@samsung.com> | 2023-03-31 22:38:29 +0900 |
|---|---|---|
| committer | Jaehyun Kim <jeik01.kim@samsung.com> | 2023-03-31 22:42:56 +0900 |
| commit | 5c15ba3d4d5c841cf53a17db452eed624ac68bb1 (patch) | |
| tree | 35d163866c75a6eedfd0dc686d7390034b9f46d9 | |
| parent | b70dafc0d1bb160625f34db0446c58b859982b48 (diff) | |
| download | connman-5c15ba3d4d5c841cf53a17db452eed624ac68bb1.tar.gz connman-5c15ba3d4d5c841cf53a17db452eed624ac68bb1.tar.bz2 connman-5c15ba3d4d5c841cf53a17db452eed624ac68bb1.zip | |
Fix crash issue when passphrase decryption fails
If the decryption request is successful
and there is an error in response,
memory is not allocated to the data->sid->passphrase.
However, even in this case, it is freed and it cause a crash.
So it has been modified to free only when memory is allocated.
In addition to this, there are other variables
that have similar problems,
so the related codes have also been modified.
Change-Id: If83febbccfcff82cf83279f7186df73aaee0854c
Signed-off-by: Jaehyun Kim <jeik01.kim@samsung.com>
| -rwxr-xr-x | gsupplicant/gsupplicant.h | 4 | ||||
| -rwxr-xr-x | gsupplicant/supplicant.c | 49 |
2 files changed, 38 insertions, 15 deletions
diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h index 22b0b3e3..1a956290 100755 --- a/gsupplicant/gsupplicant.h +++ b/gsupplicant/gsupplicant.h @@ -231,6 +231,10 @@ struct _GSupplicantSSID { const char *connector; const char *c_sign_key; const char *net_access_key; + bool is_passphrase_alloc; + bool is_connector_alloc; + bool is_c_sign_key_alloc; + bool is_net_access_key_alloc; #endif }; diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c index 915ffb9f..e63831bf 100755 --- a/gsupplicant/supplicant.c +++ b/gsupplicant/supplicant.c @@ -6728,10 +6728,14 @@ static void interface_select_network_result(const char *error, #if defined TIZEN_EXT g_free(data->ssid->ssid); - g_free((char *)data->ssid->passphrase); - g_free((char *)data->ssid->connector); - g_free((char *)data->ssid->c_sign_key); - g_free((char *)data->ssid->net_access_key); + if (data->ssid->is_passphrase_alloc) + g_free((char *)data->ssid->passphrase); + if (data->ssid->is_connector_alloc) + g_free((char *)data->ssid->connector); + if (data->ssid->is_c_sign_key_alloc) + g_free((char *)data->ssid->c_sign_key); + if (data->ssid->is_net_access_key_alloc) + g_free((char *)data->ssid->net_access_key); #endif g_free(data->ssid); dbus_free(data); @@ -6820,10 +6824,14 @@ error: g_free(data->path); #if defined TIZEN_EXT g_free(data->ssid->ssid); - g_free((char *)data->ssid->passphrase); - g_free((char *)data->ssid->connector); - g_free((char *)data->ssid->c_sign_key); - g_free((char *)data->ssid->net_access_key); + if (data->ssid->is_passphrase_alloc) + g_free((char *)data->ssid->passphrase); + if (data->ssid->is_connector_alloc) + g_free((char *)data->ssid->connector); + if (data->ssid->is_c_sign_key_alloc) + g_free((char *)data->ssid->c_sign_key); + if (data->ssid->is_net_access_key_alloc) + g_free((char *)data->ssid->net_access_key); #endif g_free(data->ssid); g_free(data); @@ -7697,6 +7705,7 @@ static void decryption_request_reply(DBusPendingCall *call, dbus_message_iter_get_basic(&args, &out_data); data->ssid->passphrase = g_strdup((const gchar *)out_data); + data->ssid->is_passphrase_alloc = true; ret = supplicant_dbus_method_call(data->interface->path, SUPPLICANT_INTERFACE ".Interface", "AddNetwork", @@ -7710,10 +7719,14 @@ done: callback_assoc_failed(decrypt_request_data.data->user_data); g_free(data->path); g_free(data->ssid->ssid); - g_free((char *)data->ssid->passphrase); - g_free((char *)data->ssid->connector); - g_free((char *)data->ssid->c_sign_key); - g_free((char *)data->ssid->net_access_key); + if (data->ssid->is_passphrase_alloc) + g_free((char *)data->ssid->passphrase); + if (data->ssid->is_connector_alloc) + g_free((char *)data->ssid->connector); + if (data->ssid->is_c_sign_key_alloc) + g_free((char *)data->ssid->c_sign_key); + if (data->ssid->is_net_access_key_alloc) + g_free((char *)data->ssid->net_access_key); g_free(data->ssid); dbus_free(data); } @@ -7819,14 +7832,17 @@ static void decrypt_conf_obj_reply(DBusPendingCall *call, if (g_strcmp0(key, "connector") == 0) { dbus_message_iter_get_basic(&value, &out_data); data->ssid->connector = g_strdup((const gchar *)out_data); + data->ssid->is_connector_alloc = true; SUPPLICANT_DBG("connector %s", data->ssid->connector); } else if (g_strcmp0(key, "c_sign_key") == 0) { dbus_message_iter_get_basic(&value, &out_data); data->ssid->c_sign_key = g_strdup((const gchar *)out_data); + data->ssid->is_c_sign_key_alloc = true; SUPPLICANT_DBG("c_sign_key %s", data->ssid->c_sign_key); } else if (g_strcmp0(key, "net_access_key") == 0) { dbus_message_iter_get_basic(&value, &out_data); data->ssid->net_access_key = g_strdup((const gchar *)out_data); + data->ssid->is_net_access_key_alloc = true; SUPPLICANT_DBG("net_access_key %s", data->ssid->net_access_key); } } @@ -7845,9 +7861,12 @@ done: callback_assoc_failed(decrypt_request_data.data->user_data); g_free(data->path); g_free(data->ssid->ssid); - g_free((char *)data->ssid->connector); - g_free((char *)data->ssid->c_sign_key); - g_free((char *)data->ssid->net_access_key); + if (data->ssid->is_connector_alloc) + g_free((char *)data->ssid->connector); + if (data->ssid->is_c_sign_key_alloc) + g_free((char *)data->ssid->c_sign_key); + if (data->ssid->is_net_access_key_alloc) + g_free((char *)data->ssid->net_access_key); g_free(data->ssid); dbus_free(data); } |