From 27fc2850005fd5fe91f713869188a79532256e33 Mon Sep 17 00:00:00 2001 From: David Cermak Date: Wed, 9 Jun 2021 09:59:25 +0200 Subject: [PATCH] mdns: Fix crashes reported by the fuzzer * Original commit: espressif/esp-idf@79ba738626d643d8c6f32bdcd455e0d2476f94c7 --- components/mdns/mdns.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/mdns/mdns.c b/components/mdns/mdns.c index fe2c2f85f..1858859ba 100644 --- a/components/mdns/mdns.c +++ b/components/mdns/mdns.c @@ -2751,7 +2751,7 @@ static bool _mdns_question_matches(mdns_parsed_question_t * question, uint16_t t && !strcasecmp(MDNS_DEFAULT_DOMAIN, question->domain)) { return true; } - } else if (type == MDNS_TYPE_SRV || type == MDNS_TYPE_TXT) { + } else if (service && (type == MDNS_TYPE_SRV || type == MDNS_TYPE_TXT)) { const char * name = _mdns_get_service_instance_name(service->service); if (name && question->host && !strcasecmp(name, question->host) && !strcasecmp(service->service->service, question->service) @@ -3292,7 +3292,7 @@ void mdns_parse_packet(mdns_rx_packet_t * packet) } else if (service) { // only detect txt collision if service existed col = _mdns_check_txt_collision(service->service, data_ptr, data_len); } - if (col && !_mdns_server->interfaces[packet->tcpip_if].pcbs[packet->ip_protocol].probe_running) { + if (col && !_mdns_server->interfaces[packet->tcpip_if].pcbs[packet->ip_protocol].probe_running && service) { do_not_reply = true; _mdns_init_pcb_probe(packet->tcpip_if, packet->ip_protocol, &service, 1, true); } else if (ttl > 2250 && !col && !parsed_packet->authoritative && !parsed_packet->probe && !parsed_packet->questions && !_mdns_server->interfaces[packet->tcpip_if].pcbs[packet->ip_protocol].probe_running) {