Patchwork P2P: Check memory allocation result in a Service Discovery Response

login
register
mail settings
Submitter Masashi Honma
Date July 2, 2012, 12:03 p.m.
Message ID <CAFk-A4nu7XK-NiUzUzO7ipdEgbc+3ScmorDL83JRbXhMU+0Bgw@mail.gmail.com>
Download mbox | patch
Permalink /patch/168580/
State Accepted
Commit 8f4636e41c621b1a930b43614eda7825a3f20c2f
Headers show

Comments

Masashi Honma - July 2, 2012, 12:03 p.m.
Hello.

This patch adds a check of the return value of wpabuf_dup() in a large
Service Discovery Response.


Signed-hostap: Masashi Honma <masashi.honma@gmail.com>

 		resp = p2p_build_sd_response(dialog_token, WLAN_STATUS_SUCCESS,


Regards,
Masashi Honma.
Jouni Malinen - July 2, 2012, 5:55 p.m.
On Mon, Jul 02, 2012 at 09:03:37PM +0900, Masashi Honma wrote:
> This patch adds a check of the return value of wpabuf_dup() in a large
> Service Discovery Response.

Thanks, applied.

Patch

diff --git a/src/p2p/p2p_sd.c b/src/p2p/p2p_sd.c
index 1a57210..5cf1cfe 100644
--- a/src/p2p/p2p_sd.c
+++ b/src/p2p/p2p_sd.c
@@ -364,9 +364,14 @@  void p2p_sd_response(struct p2p_data *p2p, int
freq, const u8 *dst,
 				"previous SD response");
 			wpabuf_free(p2p->sd_resp);
 		}
+		p2p->sd_resp = wpabuf_dup(resp_tlvs);
+		if (p2p->sd_resp == NULL) {
+			wpa_msg(p2p->cfg->msg_ctx, MSG_ERROR, "P2P: Failed to "
+				"allocate SD response fragmentation area");
+			return;
+		}
 		os_memcpy(p2p->sd_resp_addr, dst, ETH_ALEN);
 		p2p->sd_resp_dialog_token = dialog_token;
-		p2p->sd_resp = wpabuf_dup(resp_tlvs);
 		p2p->sd_resp_pos = 0;
 		p2p->sd_frag_id = 0;