From 5ef2801fb3dd1e5443de822f834d3f2ce43c9ddd Mon Sep 17 00:00:00 2001 From: Saurav Babu Date: Thu, 6 Sep 2018 11:53:21 +0530 Subject: [PATCH] Fixed crash in accessing non allocated memory In _load_configuration() config->ip_info was accessed without checking if it was allocated. This patch ensures that config->ip_info is always allocated when passing in _load_configuration() function. Change-Id: I61c5bc168915b9d4f4f6ba976132cfcf3836753f Signed-off-by: Saurav Babu --- src/wifi-config.c | 97 ++++++++++++++++++++++++----------------------- 1 file changed, 50 insertions(+), 47 deletions(-) diff --git a/src/wifi-config.c b/src/wifi-config.c index 1643e2c..79260c3 100755 --- a/src/wifi-config.c +++ b/src/wifi-config.c @@ -346,55 +346,56 @@ static gboolean _load_configuration(const gchar *config_id, struct wifi_config * config->is_hidden = g_strdup("FALSE"); DBG("is_hidden [%s]", config->is_hidden); - config->ip_info->ip_type = g_key_file_get_string(keyfile, group_name, - WIFI_CONFIG_IPV4_METHOD, NULL); - if (config->ip_info->ip_type) - DBG("IPv4.Method:%s", config->ip_info->ip_type); - - config->ip_info->ip_address = g_key_file_get_string(keyfile, group_name, - WIFI_CONFIG_IPV4_ADDRESS, NULL); - if (config->ip_info->ip_address) - DBG("IPv4.Address:%s", config->ip_info->ip_address); - - int prefix_len; - in_addr_t addr; - struct in_addr netmask; - char *mask; - prefix_len = g_key_file_get_integer(keyfile, group_name, - WIFI_CONFIG_IPV4_SUBNET_MASK, NULL); - addr = 0xffffffff << (32 - prefix_len); - netmask.s_addr = htonl(addr); - mask = inet_ntoa(netmask); - config->ip_info->subnet_mask = g_strdup(mask); - if (config->ip_info->subnet_mask) - DBG("IPv4.SubnetMask:%s", config->ip_info->subnet_mask); - - config->ip_info->gateway_address = g_key_file_get_string(keyfile, - group_name, WIFI_CONFIG_IPV4_GATEWAY_ADDRESS, - NULL); - if (config->ip_info->gateway_address) - DBG("IPv4.gateway:%s", config->ip_info->gateway_address); - - config->ip_info->dns_type = g_key_file_get_string(keyfile, group_name, - WIFI_CONFIG_IPV4_DNS_METHOD, NULL); - if (config->ip_info->dns_type) - DBG("DNS.IPv4Method:%s", config->ip_info->dns_type); - - char **nameservers; - gsize length; - nameservers = g_key_file_get_string_list(keyfile, group_name, - WIFI_CONFIG_DNS_ADDRESS, &length, NULL); - if (nameservers) { - if (length > 0) { - config->ip_info->dns_count = length; - int i = 0; - while (i < NET_DNS_ADDR_MAX && nameservers[i]) { - config->ip_info->dns_address[i] = g_strdup(nameservers[i]); - DBG("DNSAddress[%d]:%s", i+1, config->ip_info->dns_address[i]); - i += 1; + if (config->ip_info) { + config->ip_info->ip_type = g_key_file_get_string(keyfile, group_name, + WIFI_CONFIG_IPV4_METHOD, NULL); + if (config->ip_info->ip_type) + DBG("IPv4.Method:%s", config->ip_info->ip_type); + + config->ip_info->ip_address = g_key_file_get_string(keyfile, group_name, + WIFI_CONFIG_IPV4_ADDRESS, NULL); + if (config->ip_info->ip_address) + DBG("IPv4.Address:%s", config->ip_info->ip_address); + + int prefix_len; + in_addr_t addr; + struct in_addr netmask; + char *mask; + prefix_len = g_key_file_get_integer(keyfile, group_name, + WIFI_CONFIG_IPV4_SUBNET_MASK, NULL); + addr = 0xffffffff << (32 - prefix_len); + netmask.s_addr = htonl(addr); + mask = inet_ntoa(netmask); + config->ip_info->subnet_mask = g_strdup(mask); + if (config->ip_info->subnet_mask) + DBG("IPv4.SubnetMask:%s", config->ip_info->subnet_mask); + + config->ip_info->gateway_address = g_key_file_get_string(keyfile, + group_name, WIFI_CONFIG_IPV4_GATEWAY_ADDRESS, NULL); + if (config->ip_info->gateway_address) + DBG("IPv4.gateway:%s", config->ip_info->gateway_address); + + config->ip_info->dns_type = g_key_file_get_string(keyfile, group_name, + WIFI_CONFIG_IPV4_DNS_METHOD, NULL); + if (config->ip_info->dns_type) + DBG("DNS.IPv4Method:%s", config->ip_info->dns_type); + + char **nameservers; + gsize length; + nameservers = g_key_file_get_string_list(keyfile, group_name, + WIFI_CONFIG_DNS_ADDRESS, &length, NULL); + if (nameservers) { + if (length > 0) { + config->ip_info->dns_count = length; + int i = 0; + while (i < NET_DNS_ADDR_MAX && nameservers[i]) { + config->ip_info->dns_address[i] = g_strdup(nameservers[i]); + DBG("DNSAddress[%d]:%s", i+1, config->ip_info->dns_address[i]); + i += 1; + } } + g_strfreev(nameservers); } - g_strfreev(nameservers); } @@ -1339,10 +1340,12 @@ gboolean handle_load_eap_configuration(Wifi *wifi, GDBusMethodInvocation *contex conf = g_new0(struct wifi_config, 1); conf->eap_config = g_new0(struct wifi_eap_config, 1); + conf->ip_info = g_new0(wifi_ip_info_s, 1); ret = _load_configuration(config_id, conf); if (ret != TRUE) { g_free(conf->eap_config); + g_free(conf->ip_info); g_free(conf); ERR("Fail to _load_configuration"); netconfig_error_no_profile(context); -- 2.34.1