From cc648c10fea32171ee04a99051087ee26e4b5b22 Mon Sep 17 00:00:00 2001 From: Mikel Astiz Date: Fri, 4 May 2012 14:39:33 +0200 Subject: [PATCH] obexd: Fix possible double free of params obc_transfer_get() and obc_transfer_put() should only assume ownership of the given params only in case of success. Otherwise some erros might result in a double free of such memory. --- obexd/client/transfer.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/obexd/client/transfer.c b/obexd/client/transfer.c index 96ac05f63..38993c9b4 100644 --- a/obexd/client/transfer.c +++ b/obexd/client/transfer.c @@ -249,7 +249,6 @@ static struct obc_transfer *obc_transfer_register(DBusConnection *conn, const char *filename, const char *name, const char *type, - struct obc_transfer_params *params, GError **err) { struct obc_transfer *transfer; @@ -260,7 +259,6 @@ static struct obc_transfer *obc_transfer_register(DBusConnection *conn, transfer->filename = g_strdup(filename); transfer->name = g_strdup(name); transfer->type = g_strdup(type); - transfer->params = params; /* for OBEX specific mime types we don't need to register a transfer */ if (type != NULL && @@ -339,7 +337,7 @@ struct obc_transfer *obc_transfer_get(DBusConnection *conn, int perr; transfer = obc_transfer_register(conn, agent, G_OBEX_OP_GET, filename, - name, type, params, err); + name, type, err); if (transfer == NULL) return NULL; @@ -349,6 +347,8 @@ struct obc_transfer *obc_transfer_get(DBusConnection *conn, return NULL; } + transfer->params = params; + return transfer; } @@ -367,7 +367,7 @@ struct obc_transfer *obc_transfer_put(DBusConnection *conn, int perr; transfer = obc_transfer_register(conn, agent, G_OBEX_OP_PUT, filename, - name, type, params, err); + name, type, err); if (transfer == NULL) return NULL; @@ -401,6 +401,7 @@ struct obc_transfer *obc_transfer_put(DBusConnection *conn, } transfer->size = st.st_size; + transfer->params = params; return transfer; -- 2.47.3