P2P: Fix memory leak in p2p_process_nfc_connection_handover()

p2p_process_nfc_connection_handover() allocates msg memory in the parser
and might return before memory is released if the received message is
not valid.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>

diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index c54bb1e1c6ff3b13952f92d7b22be2482015f04a..16ffac4335194de46d6a18fb41ba06d50b3b4883 100644 (file)
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -5254,6 +5254,7 @@ int p2p_process_nfc_connection_handover(struct p2p_data *p2p,
 
        if (!msg.oob_go_neg_channel) {
                p2p_dbg(p2p, "OOB GO Negotiation Channel attribute not included");
+               p2p_parse_free(&msg);
                return -1;
        }
 
@@ -5265,6 +5266,7 @@ int p2p_process_nfc_connection_handover(struct p2p_data *p2p,
                                           msg.oob_go_neg_channel[4]);
        if (freq < 0) {
                p2p_dbg(p2p, "Unknown peer OOB GO Neg channel");
+               p2p_parse_free(&msg);
                return -1;
        }
        role = msg.oob_go_neg_channel[5];
@@ -5285,6 +5287,7 @@ int p2p_process_nfc_connection_handover(struct p2p_data *p2p,
                                           p2p->cfg->channel);
                if (freq < 0) {
                        p2p_dbg(p2p, "Own listen channel not known");
+                       p2p_parse_free(&msg);
                        return -1;
                }
                p2p_dbg(p2p, "Use own Listen channel as OOB GO Neg channel: %u MHz", freq);