From: David Cermak Date: Tue, 29 Jan 2019 09:32:12 +0000 (+0100) Subject: mdns: fixed crash on free undefined ptr after skipped strdup X-Git-Tag: v3.2-beta3~28^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=43a722f0dec2a966df276e61d1329435c3654fe8;p=esp-idf mdns: fixed crash on free undefined ptr after skipped strdup Shortcircuit evaluation may cause skip of _mdns_strdup_check of any further question field, which after clear_rx_packet freed undefined memory. Fixes https://ezredmine.espressif.cn:8765/issues/28465 --- diff --git a/components/mdns/mdns.c b/components/mdns/mdns.c index f676b56d94..c77c9443fa 100644 --- a/components/mdns/mdns.c +++ b/components/mdns/mdns.c @@ -2487,15 +2487,19 @@ handle_error : } /** - * @brief Duplicate string or return NULL + * @brief Duplicate string or return error */ -static char * _mdns_strdup_check(const char * in) +static esp_err_t _mdns_strdup_check(char ** out, char * in) { if (in && in[0]) { - return strdup(in); - } else { - return NULL; + *out = strdup(in); + if (!*out) { + return ESP_FAIL; + } + return ESP_OK; } + *out = NULL; + return ESP_OK; } /** @@ -2624,11 +2628,10 @@ void mdns_parse_packet(mdns_rx_packet_t * packet) question->unicast = unicast; question->type = type; - question->host = _mdns_strdup_check(name->host); - question->service = _mdns_strdup_check(name->service); - question->proto = _mdns_strdup_check(name->proto); - question->domain = _mdns_strdup_check(name->domain); - if (!question->host || !question->service || !question->proto || !question->domain) { + if (_mdns_strdup_check(&(question->host), name->host) + || _mdns_strdup_check(&(question->service), name->service) + || _mdns_strdup_check(&(question->proto), name->proto) + || _mdns_strdup_check(&(question->domain), name->domain)) { goto clear_rx_packet; } }