gobex: Fix use after free

author Andrei Emeltchenko <andrei.emeltchenko@intel.com>

Mon, 11 Aug 2014 07:50:42 +0000 (10:50 +0300)

committer Johan Hedberg <johan.hedberg@intel.com>

Mon, 11 Aug 2014 13:27:56 +0000 (16:27 +0300)
author Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Mon, 11 Aug 2014 07:50:42 +0000 (10:50 +0300)
committer Johan Hedberg <johan.hedberg@intel.com>
Mon, 11 Aug 2014 13:27:56 +0000 (16:27 +0300)
diff --git a/gobex/gobex-transfer.c b/gobex/gobex-transfer.c

index efae72b..d7707f9 100644 (file)
--- a/gobex/gobex-transfer.c
+++ b/gobex/gobex-transfer.c
@@ -553,7 +553,8 @@ static gssize get_get_data(void *buf, gsize len, gpointer user_data)
         return ret;
  }
  
-static void transfer_get_req_first(struct transfer *transfer, GObexPacket *rsp)
+static gboolean transfer_get_req_first(struct transfer *transfer,
+                                                       GObexPacket *rsp)
  {
         GError *err = NULL;
  
@@ -564,7 +565,10 @@ static void transfer_get_req_first(struct transfer *transfer, GObexPacket *rsp)
         if (!g_obex_send(transfer->obex, rsp, &err)) {
                 transfer_complete(transfer, err);
                 g_error_free(err);
+               return FALSE;
         }
+
+       return TRUE;
  }
  
  static void transfer_get_req(GObex *obex, GObexPacket *req, gpointer user_data)
@@ -596,7 +600,8 @@ guint g_obex_get_rsp_pkt(GObex *obex, GObexPacket *rsp,
         transfer = transfer_new(obex, G_OBEX_OP_GET, complete_func, user_data);
         transfer->data_producer = data_func;
  
-       transfer_get_req_first(transfer, rsp);
+       if (!transfer_get_req_first(transfer, rsp))
+               return 0;
  
         if (!g_slist_find(transfers, transfer))
                 return 0;
author	Andrei Emeltchenko <andrei.emeltchenko@intel.com>
	Mon, 11 Aug 2014 07:50:42 +0000 (10:50 +0300)
committer	Johan Hedberg <johan.hedberg@intel.com>
	Mon, 11 Aug 2014 13:27:56 +0000 (16:27 +0300)