diff --git a/components/mdns/mdns.c b/components/mdns/mdns.c
index e55f8c1945..53e04a6b5b 100644
--- a/components/mdns/mdns.c
+++ b/components/mdns/mdns.c
@@ -3171,9 +3171,9 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
 if (discovery) {
 service = _mdns_get_service_item(name->service, name->proto, NULL);
 _mdns_remove_parsed_question(parsed_packet, MDNS_TYPE_SDPTR, service);
- } else if (parsed_packet->questions && !parsed_packet->probe) {
+ } else if (service && parsed_packet->questions && !parsed_packet->probe) {
 _mdns_remove_parsed_question(parsed_packet, type, service);
- } else {
+ } else if (service) {
 //check if TTL is more than half of the full TTL value (4500)
 if (ttl > 2250) {
 _mdns_remove_scheduled_answer(packet->tcpip_if, packet->ip_protocol, type, service);
@@ -3262,7 +3262,7 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
 }
 _mdns_restart_all_pcbs();
 }
- } else {
+ } else if (service) {
 _mdns_pcb_send_bye(packet->tcpip_if, packet->ip_protocol, &service, 1, false);
 _mdns_init_pcb_probe(packet->tcpip_if, packet->ip_protocol, &service, 1, false);
 }
diff --git a/components/mdns/test_afl_fuzz_host/test.c b/components/mdns/test_afl_fuzz_host/test.c
index 776a089cd9..58b304e922 100644
--- a/components/mdns/test_afl_fuzz_host/test.c
+++ b/components/mdns/test_afl_fuzz_host/test.c
@@ -205,6 +205,7 @@ int main(int argc, char** argv)
 // Note: parameter1 is a file (mangled packet) which caused the crash
 file = fopen(argv[1], "r");
 assert(file >= 0 );
+ len = fread(buf, 1, 1460, file);
 fclose(file);
 }
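Review bot: In the mdns.c hunk at `@@ -3171`, the `discovery` branch still passes the result of `_mdns_get_service_item()` straight to `_mdns_remove_parsed_question()` without a NULL check, while the two branches below it now guard `service`. Whether that is safe depends on the callee not dereferencing `service` for `MDNS_TYPE_SDPTR`, which is not visible here, and the names being looked up come from a received packet. Either guard it the same way, `if (service) { _mdns_remove_parsed_question(parsed_packet, MDNS_TYPE_SDPTR, service); }`, or add a comment stating why a NULL `service` is acceptable on this path. `mdns_parse_packet` starts and ends outside the hunk.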
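Review bot: The new `else if (service)` in the mdns.c hunk at `@@ -3262` skips the bye and re-probe calls silently when `service` is NULL, and nothing in the code records when that can happen. A short comment on that line would help, for example `// service is NULL when the packet names a service this host does not have; nothing to re-probe`. That reason is presumed from the fuzz reproducer, so confirm it against the lookup earlier in the function, which is outside the hunk. Since the same guard now appears at three sites, a single check right after `service` is resolved may be easier to audit, if the control flow outside the hunk allows it.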
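Review bot: The added `fread()` in test.c runs on a `FILE *` that is never really validated. `fopen()` reports failure by returning NULL, and `assert(file >= 0 )` on the line above also holds for NULL, so a missing or unreadable reproducer file reaches `fread()` with a null stream. Change the check to `assert(file != NULL);` and open with `"rb"`, since the input is a raw packet rather than text. The literal `1460` should follow the size of `buf`, whose declaration is outside the hunk, and a zero return from `fread()` is worth rejecting before `len` is used.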