Just recurse one more level for the byte array that corresponds to bonjour data and not for the variant holding upnp data. This patch prevents a segmentation fault occuring by dereferencing null upnp data. --- src/manager.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/manager.c b/src/manager.c index e97921b..17fd7ee 100644 --- a/src/manager.c +++ b/src/manager.c @@ -399,19 +399,20 @@ static int parse_peers_service_specs(DBusMessageIter *array, dbus_message_iter_next(&entry); dbus_message_iter_recurse(&entry, &inter); - dbus_message_iter_recurse(&inter, &value); if (!g_strcmp0(key, "BonjourResponse")) { + dbus_message_iter_recurse(&inter, &value); dbus_message_iter_get_fixed_array(&value, spec, spec_len); } else if (!g_strcmp0(key, "BonjourQuery")) { + dbus_message_iter_recurse(&inter, &value); dbus_message_iter_get_fixed_array(&value, query, query_len); } else if (!g_strcmp0(key, "UpnpService")) { - dbus_message_iter_get_basic(&value, spec); + dbus_message_iter_get_basic(&inter, spec); *spec_len = strlen((const char *)*spec)+1; } else if (!g_strcmp0(key, "UpnpVersion")) { - dbus_message_iter_get_basic(&value, version); + dbus_message_iter_get_basic(&inter, version); } else return -EINVAL; -- 1.9.1 _______________________________________________ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman