[PATCH] fix potential use-after-free in dbus byte array demarshaling code

Tue Mar 4 07:04:04 PST 2008

The byte array code should be clearing its own pointer, not the string array pointer.

diff --git a/wpa_supplicant/dbus_dict_helpers.c b/wpa_supplicant/dbus_dict_helpers.c
index 1232ab2..d810979 100644
--- a/wpa_supplicant/dbus_dict_helpers.c
+++ b/wpa_supplicant/dbus_dict_helpers.c
@@ -674,7 +674,7 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_byte_array(
 	/* Zero-length arrays are valid. */
 	if (entry->array_len == 0) {
 		free(entry->bytearray_value);
-		entry->strarray_value = NULL;
+		entry->bytearray_value = NULL;
 	}
 
 	success = TRUE;


