diff options
| author | Debarshi Ray <rishi@gnu.org> | 2017-09-20 09:48:24 -0400 |
|---|---|---|
| committer | Debarshi Ray <rishi@gnu.org> | 2017-09-20 09:48:24 -0400 |
| commit | 182c375893496f9c567697c308786246556e99a4 (patch) | |
| tree | 70846a444aa56a66f65c55f2f3cfb9867ce3b903 | |
| parent | af29915c6a23a50b62f27bb3b82cb22c917992e6 (diff) | |
| download | pidgin-182c375893496f9c567697c308786246556e99a4.tar.gz | |
jabber: Avoid a use-after-free in an error path
If jabber_buddy_find_resource returned NULL, 'resource' was being used
to print an error after it had already been freed. The easiest way to
prevent that is to consolidate all the local resource deallocation and
exit paths in one place.
Fixes #17200
| -rw-r--r-- | libpurple/protocols/jabber/jingle/rtp.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/libpurple/protocols/jabber/jingle/rtp.c b/libpurple/protocols/jabber/jingle/rtp.c index 876b80fb36..05cb2cb1bb 100644 --- a/libpurple/protocols/jabber/jingle/rtp.c +++ b/libpurple/protocols/jabber/jingle/rtp.c @@ -950,6 +950,7 @@ jingle_rtp_initiate_media(JabberStream *js, const gchar *who, JingleTransport *transport; JabberBuddy *jb; JabberBuddyResource *jbr; + gboolean ret = FALSE; const gchar *transport_type; gchar *resource = NULL, *me = NULL, *sid = NULL; @@ -958,16 +959,15 @@ jingle_rtp_initiate_media(JabberStream *js, const gchar *who, jb = jabber_buddy_find(js, who, FALSE); if (!jb) { purple_debug_error("jingle-rtp", "Could not find Jabber buddy\n"); - return FALSE; + goto out; } resource = jabber_get_resource(who); jbr = jabber_buddy_find_resource(jb, resource); - g_free(resource); if (!jbr) { purple_debug_error("jingle-rtp", "Could not find buddy's resource - %s\n", resource); - return FALSE; + goto out; } if (jabber_resource_has_capability(jbr, JINGLE_TRANSPORT_ICEUDP)) { @@ -977,7 +977,7 @@ jingle_rtp_initiate_media(JabberStream *js, const gchar *who, } else { purple_debug_error("jingle-rtp", "Resource doesn't support " "the same transport types\n"); - return FALSE; + goto out; } /* set ourselves as initiator */ @@ -985,7 +985,6 @@ jingle_rtp_initiate_media(JabberStream *js, const gchar *who, sid = jabber_get_next_id(js); session = jingle_session_create(js, sid, me, who, TRUE); - g_free(sid); if (type & PURPLE_MEDIA_AUDIO) { @@ -1005,13 +1004,17 @@ jingle_rtp_initiate_media(JabberStream *js, const gchar *who, jingle_rtp_init_media(content); } - g_free(me); - if (jingle_rtp_get_media(session) == NULL) { - return FALSE; + goto out; } - return TRUE; + ret = TRUE; + +out: + g_free(me); + g_free(resource); + g_free(sid); + return ret; } void |