summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSander Vrijders <sander@ouroboros.rocks>2019-06-21 19:09:14 +0200
committerDimitri Staessens <dimitri@ouroboros.rocks>2019-06-21 19:46:40 +0200
commitc9232acef855b51d1bc199a68c03c0695ac11192 (patch)
treebd2827458e531a9bbb319724bdce40c2c2a9484d
parentdc6be97bccd86cfbd64586a5fd9faefb673b70a6 (diff)
downloadouroboros-c9232acef855b51d1bc199a68c03c0695ac11192.tar.gz
ouroboros-c9232acef855b51d1bc199a68c03c0695ac11192.zip
ipcpd: Fix use after free and uninitalized value
This fixes a use after free in an error condition, and makes sure that pid is set in the flow_set early on, so flow_set_destroy won't create a prefix with an uninitialized pid in case of an error in shm_flow_set_create. Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
-rw-r--r--src/ipcpd/normal/fa.c2
-rw-r--r--src/lib/shm_flow_set.c4
2 files changed, 3 insertions, 3 deletions
diff --git a/src/ipcpd/normal/fa.c b/src/ipcpd/normal/fa.c
index 76942143..fbcbc6fa 100644
--- a/src/ipcpd/normal/fa.c
+++ b/src/ipcpd/normal/fa.c
@@ -166,8 +166,8 @@ static void * fa_handle_packet(void * o)
buf = malloc(sizeof(*msg) + ipcp_dir_hash_len());
if (buf == NULL) {
log_err("Failed to allocate memory.");
- free(cmd);
ipcp_sdb_release(cmd->sdb);
+ free(cmd);
continue;
}
diff --git a/src/lib/shm_flow_set.c b/src/lib/shm_flow_set.c
index f1182a4d..e1e6c30d 100644
--- a/src/lib/shm_flow_set.c
+++ b/src/lib/shm_flow_set.c
@@ -148,6 +148,8 @@ struct shm_flow_set * shm_flow_set_create(pid_t pid)
if (set == NULL)
goto fail_set;
+ set->pid = getpid();
+
if (pthread_mutexattr_init(&mattr))
goto fail_mutexattr_init;
@@ -180,8 +182,6 @@ struct shm_flow_set * shm_flow_set_create(pid_t pid)
for (i = 0; i < SYS_MAX_FLOWS; ++i)
set->mtable[i] = -1;
- set->pid = getpid();
-
return set;
fail_init: