Fix heap-use-after-free issue

Change-Id: If84ff301e9dd0ec05150210986e38e02d8e76518
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>

diff --git a/packaging/capi-network-nsd.spec b/packaging/capi-network-nsd.spec
index 3a821dcc202109c1acf36a503195d0b6d0b9fdea..fefa2559253dfe34ba85790b197469566563013f 100644 (file)
--- a/packaging/capi-network-nsd.spec
+++ b/packaging/capi-network-nsd.spec
@@ -1,6 +1,6 @@
 Name:       capi-network-nsd
 Summary:    A Network Service Discovery libraries in Native API
-Version:    0.0.25
+Version:    0.0.26
 Release:    1
 Group:      System/Network
 License:    Apache-2.0

diff --git a/src/dns-sd/dns-sd.c b/src/dns-sd/dns-sd.c
index c5c18b59c1f90cbb4513d3d544e55e5a162eb0ba..43ad9e227744956ef790d4b06b645b45f92631e6 100644 (file)
--- a/src/dns-sd/dns-sd.c
+++ b/src/dns-sd/dns-sd.c
@@ -69,7 +69,25 @@ static const char *dnssd_error_to_string(dnssd_error_e error)
        }
 }
 
-static dnssd_handle_s *__dnssd_check_handle_validity(
+static dnssd_handle_s *__dnssd_check_handle_validity(dnssd_handle_s *handle)
+{
+       __DNSSD_LOG_FUNC_ENTER__;
+       dnssd_handle_s *local_handle = NULL;
+       GSList *list;
+
+       for (list = dnssd_handle_list; list; list = list->next) {
+               local_handle = (dnssd_handle_s *)list->data;
+               if (local_handle == handle) {
+                       DNSSD_LOGD("Local handle %p is found", handle);
+                       __DNSSD_LOG_FUNC_EXIT__;
+                       return handle;
+               }
+       }
+       __DNSSD_LOG_FUNC_EXIT__;
+       return NULL;
+}
+
+static dnssd_handle_s *__dnssd_get_struct_from_handle(
                dnssd_service_h dnssd_service)
 {
        __DNSSD_LOG_FUNC_ENTER__;
@@ -269,7 +287,7 @@ static gboolean __dnssd_handle_io_events(GIOChannel *source,
        }
 
        handle = (dnssd_handle_s*)data;
-       if (__dnssd_check_handle_validity(handle->service_handler) == NULL) {
+       if (__dnssd_check_handle_validity(handle) == NULL) {
                DNSSD_LOGE("handle not found %p %u", handle, handle->service_handler);
                return FALSE;
        }
@@ -399,7 +417,7 @@ int dnssd_create_local_service(const char *service_type,
        }
 
        if (dnssd_service == NULL || service_type == NULL ||
-                       __dnssd_check_handle_validity(*dnssd_service) != NULL) {
+                       __dnssd_get_struct_from_handle(*dnssd_service) != NULL) {
                DNSSD_LOGE("Invalid Parameter");
                __DNSSD_LOG_FUNC_EXIT__;
                return DNSSD_ERROR_INVALID_PARAMETER;
@@ -446,7 +464,7 @@ int dnssd_destroy_local_service(dnssd_service_h dnssd_service)
                return DNSSD_ERROR_NOT_INITIALIZED;     //LCOV_EXCL_LINE
        }
 
-       local_handle = __dnssd_check_handle_validity(dnssd_service);
+       local_handle = __dnssd_get_struct_from_handle(dnssd_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -493,7 +511,7 @@ int dnssd_service_set_name(dnssd_service_h local_service,
                return DNSSD_ERROR_INVALID_PARAMETER;
        }
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -536,7 +554,7 @@ int dnssd_service_set_port(dnssd_service_h local_service, int port)
                return DNSSD_ERROR_INVALID_PARAMETER;
        }
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -581,7 +599,7 @@ int dnssd_service_set_interface(dnssd_service_h local_service, const char *inter
        }
        DNSSD_LOGD("Interface index: %u", if_index);
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -621,7 +639,7 @@ int dnssd_service_add_txt_record(dnssd_service_h local_service,
                return DNSSD_ERROR_NOT_INITIALIZED;     //LCOV_EXCL_LINE
        }
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -696,7 +714,7 @@ int dnssd_service_remove_txt_record(dnssd_service_h local_service,
                return DNSSD_ERROR_INVALID_PARAMETER;
        }
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -751,7 +769,7 @@ int dnssd_service_set_record(dnssd_service_h local_service, unsigned short type,
                return DNSSD_ERROR_NOT_INITIALIZED;     //LCOV_EXCL_LINE
        }
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -809,7 +827,7 @@ int dnssd_service_unset_record(dnssd_service_h local_service,
                return DNSSD_ERROR_NOT_INITIALIZED;             //LCOV_EXCL_LINE
        }
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -918,7 +936,7 @@ int dnssd_register_local_service(dnssd_service_h local_service,
                return DNSSD_ERROR_NOT_INITIALIZED;     //LCOV_EXCL_LINE
        }
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -988,7 +1006,7 @@ int dnssd_deregister_local_service(dnssd_service_h local_service)
                return DNSSD_ERROR_NOT_INITIALIZED;     //LCOV_EXCL_LINE
        }
 
-       local_handle = __dnssd_check_handle_validity(local_service);
+       local_handle = __dnssd_get_struct_from_handle(local_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -1074,7 +1092,7 @@ static void __dnssd_getaddrinfo_reply_cb(DNSServiceRef sd_ref,
                        found->if_index,
                        local_handle->flags);
 
-       dnssd_handle = __dnssd_check_handle_validity(found->browse_handler);
+       dnssd_handle = __dnssd_get_struct_from_handle(found->browse_handler);
        if (dnssd_handle == NULL) {
                DNSSD_LOGD("Invalid browse handle");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -1414,7 +1432,7 @@ int dnssd_start_browsing_service(const char *service_type,
        }
 
        if (dnssd_service == NULL || service_type == NULL ||
-                       __dnssd_check_handle_validity(*dnssd_service) != NULL) {
+                       __dnssd_get_struct_from_handle(*dnssd_service) != NULL) {
                DNSSD_LOGE("Invalid Parameter");
                __DNSSD_LOG_FUNC_EXIT__;
                return DNSSD_ERROR_INVALID_PARAMETER;
@@ -1490,7 +1508,7 @@ int dnssd_start_browsing_service_on_interface(const char *service_type, const ch
        }
 
        if (dnssd_service == NULL || service_type == NULL ||
-                       __dnssd_check_handle_validity(*dnssd_service) != NULL) {
+                       __dnssd_get_struct_from_handle(*dnssd_service) != NULL) {
                DNSSD_LOGE("Invalid Parameter");
                __DNSSD_LOG_FUNC_EXIT__;
                return DNSSD_ERROR_INVALID_PARAMETER;
@@ -1605,7 +1623,7 @@ int dnssd_stop_browsing_service(dnssd_browser_h dnssd_service)
                return DNSSD_ERROR_NOT_INITIALIZED;     //LCOV_EXCL_LINE
        }
 
-       local_handle = __dnssd_check_handle_validity(dnssd_service);
+       local_handle = __dnssd_get_struct_from_handle(dnssd_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler 0x%x not found", dnssd_service);
                __DNSSD_LOG_FUNC_EXIT__;
@@ -1675,7 +1693,7 @@ int dnssd_service_get_type(dnssd_service_h dnssd_service, char **service_type)
                return DNSSD_ERROR_INVALID_PARAMETER;
        }
 
-       local_handle = __dnssd_check_handle_validity(dnssd_service);
+       local_handle = __dnssd_get_struct_from_handle(dnssd_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -1708,7 +1726,7 @@ int dnssd_service_get_name(dnssd_service_h dnssd_service, char **service_name)
                return DNSSD_ERROR_INVALID_PARAMETER;
        }
 
-       local_handle = __dnssd_check_handle_validity(dnssd_service);
+       local_handle = __dnssd_get_struct_from_handle(dnssd_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -1758,7 +1776,7 @@ int dnssd_service_get_ip(dnssd_service_h dnssd_service, char **ip_v4_address,
                return DNSSD_ERROR_INVALID_PARAMETER;
        }
 
-       local_handle = __dnssd_check_handle_validity(dnssd_service);
+       local_handle = __dnssd_get_struct_from_handle(dnssd_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -1817,7 +1835,7 @@ int dnssd_service_get_port(dnssd_service_h dnssd_service, int *port)
                return DNSSD_ERROR_INVALID_PARAMETER;
        }
 
-       local_handle = __dnssd_check_handle_validity(dnssd_service);
+       local_handle = __dnssd_get_struct_from_handle(dnssd_service);
        if (local_handle == NULL) {
                DNSSD_LOGD("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;
@@ -1859,7 +1877,7 @@ int dnssd_service_get_all_txt_record(dnssd_service_h dnssd_service,
                return DNSSD_ERROR_NOT_INITIALIZED;     //LCOV_EXCL_LINE
        }
 
-       local_handle = __dnssd_check_handle_validity(dnssd_service);
+       local_handle = __dnssd_get_struct_from_handle(dnssd_service);
        if (local_handle == NULL) {
                DNSSD_LOGE("Service Handler not found");
                __DNSSD_LOG_FUNC_EXIT__;