diff mbox

Avoid double free(p2p->after_scan_tx) in p2p_deinit()

Message ID 1396284100.1214631467358955163.JavaMail.weblogic@epmlwas01b
State Changes Requested
Headers show

Commit Message

MAYANK HAARIT July 1, 2016, 7:42 a.m. UTC 
As p2p->after_scan_tx is already freeing in p2p_flush() , Although p2p->after_scan_tx is assigning to NULL in p2p_flush() . So double free in p2p_deinit() is dead code.

Signed-off-by: Mayank Haarit 
---
src/p2p/p2p.c |    1 -
1 files changed, 0 insertions(+), 1 deletions(-)

--
1.7.0.4

Comments

Jouni Malinen July 1, 2016, 6:02 p.m. UTC | #1 
On Fri, Jul 01, 2016 at 07:42:35AM +0000, MAYANK HAARIT wrote:
> As p2p->after_scan_tx is already freeing in p2p_flush() , Although p2p->after_scan_tx is assigning to NULL in p2p_flush() . So double free in p2p_deinit() is dead code.

"Double free" is normally used to refer to a critical security
vulnerability. What you describe here is no such thing. p2p_flush()
clearly resets the pointer to NULL and there is no double freeing of
anything here. As such, this commit log is really misleading and should
be reworded as doing cleanup by removing unnecessary os_free() call.

> Signed-off-by: Mayank Haarit 

The Signed-off-by: line needs to include an email address as described
in the top level CONTRIBUTIONS file.
diff mbox

Patch

diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index a209a56..f2b891b 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -2980,7 +2980,6 @@  void p2p_deinit(struct p2p_data *p2p)
        os_free(p2p->groups);
        p2ps_prov_free(p2p);
        wpabuf_free(p2p->sd_resp);
-       os_free(p2p->after_scan_tx);
        p2p_remove_wps_vendor_extensions(p2p);
        os_free(p2p->no_go_freq.range);
        p2p_service_flush_asp(p2p);