From 43a722f0dec2a966df276e61d1329435c3654fe8 Mon Sep 17 00:00:00 2001
From: David Cermak
Date: Tue, 29 Jan 2019 10:32:12 +0100
Subject: [PATCH] mdns: fixed crash on free undefined ptr after skipped strdup
Shortcircuit evaluation may cause skip of _mdns_strdup_check of any further question field, which after clear_rx_packet freed undefined memory.
Fixes https://ezredmine.espressif.cn:8765/issues/28465
---
 components/mdns/mdns.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/components/mdns/mdns.c b/components/mdns/mdns.c
index f676b56d9..c77c9443f 100644
--- a/components/mdns/mdns.c
+++ b/components/mdns/mdns.c
@@ -2487,15 +2487,19 @@ handle_error :
 }
 /**
- * @brief Duplicate string or return NULL
+ * @brief Duplicate string or return error
 */
-static char * _mdns_strdup_check(const char * in)
+static esp_err_t _mdns_strdup_check(char ** out, char * in)
 {
 if (in && in[0]) {
- return strdup(in);
- } else {
- return NULL;
+ *out = strdup(in);
+ if (!*out) {
+ return ESP_FAIL;
+ }
+ return ESP_OK;
 }
+ *out = NULL;
+ return ESP_OK;
 }
 /**
@@ -2624,11 +2628,10 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
 question->unicast = unicast;
 question->type = type;
- question->host = _mdns_strdup_check(name->host);
- question->service = _mdns_strdup_check(name->service);
- question->proto = _mdns_strdup_check(name->proto);
- question->domain = _mdns_strdup_check(name->domain);
- if (!question->host || !question->service || !question->proto || !question->domain) {
+ if (_mdns_strdup_check(&(question->host), name->host)
+ || _mdns_strdup_check(&(question->service), name->service)
+ || _mdns_strdup_check(&(question->proto), name->proto)
+ || _mdns_strdup_check(&(question->domain), name->domain)) {
 goto clear_rx_packet;
 }
 }
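Review bot: In the first hunk the new signature of `_mdns_strdup_check` drops the `const` qualifier from `in`, although the body still only reads through it. `static esp_err_t _mdns_strdup_check(char ** out, const char * in)` keeps the read-only contract visible and still accepts const strings. The `@brief` should also state what the caller's cleanup depends on, for example `@brief Duplicate string into *out; *out is NULL with ESP_OK for NULL or empty input, and NULL with ESP_FAIL when strdup fails`. That makes explicit that `*out` is written on every path, but only if the function is actually called.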
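Review bot: The `||` chain added in the `mdns_parse_packet` hunk short-circuits, so when an earlier `_mdns_strdup_check` returns `ESP_FAIL` the later fields (`question->service`, `question->proto`, `question->domain`) are never written before `goto clear_rx_packet`. The allocation of `question` and the cleanup code are outside this hunk. If `question` is not zero-initialised and the cleanup frees those members, an out-of-memory condition leads to `free()` on indeterminate pointers, which appears to be the crash the commit message describes. Either confirm the allocation zeroes the struct, or call all four checks unconditionally and branch on the combined result, as sketched below.

```c
question->type = type;
/* Run every check so each pointer is set (to a copy or NULL) before any cleanup. */
esp_err_t err = _mdns_strdup_check(&(question->host), name->host);
err |= _mdns_strdup_check(&(question->service), name->service);
err |= _mdns_strdup_check(&(question->proto), name->proto);
err |= _mdns_strdup_check(&(question->domain), name->domain);
if (err != ESP_OK) {
    goto clear_rx_packet;
}
```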