From 0bbd4b30d618acd50bf2d6d09facf3e5f814e4ff Mon Sep 17 00:00:00 2001
From: Sander Vrijders <sander.vrijders@ugent.be>
Date: Sat, 25 Mar 2017 12:20:05 +0100
Subject: ipcpd: normal: Avoid double free

The flow manager should clean up the buffer after the call to frct
create instance has either failed or succeeded.
---
 src/ipcpd/normal/fmgr.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/ipcpd/normal/fmgr.c')

diff --git a/src/ipcpd/normal/fmgr.c b/src/ipcpd/normal/fmgr.c
index 8cefd317..d2966d0c 100644
--- a/src/ipcpd/normal/fmgr.c
+++ b/src/ipcpd/normal/fmgr.c
@@ -489,11 +489,13 @@ int fmgr_np1_alloc(int       fd,
 
         cep_id = frct_i_create(addr, &buf, cube);
         if (cep_id == INVALID_CEP_ID) {
-                free(buf.data);
                 pthread_rwlock_unlock(&fmgr.np1_flows_lock);
+                free(buf.data);
                 return -1;
         }
 
+        free(buf->data);
+
         fmgr.np1_fd_to_cep_id[fd] = cep_id;
         fmgr.np1_cep_id_to_fd[cep_id] = fd;
 
@@ -721,14 +723,12 @@ int fmgr_nm1_write_buf(struct pci * pci,
         fd = pff_nhop(fmgr.pff[pci->qos_id], pci->dst_addr);
         if (fd < 0) {
                 log_err("Could not get nhop for address %lu", pci->dst_addr);
-                free(buf->data);
                 return -1;
         }
 
         buffer = shm_pci_ser_buf(buf, pci);
         if (buffer == NULL) {
                 log_err("Failed to serialize buffer.");
-                free(buf->data);
                 return -1;
         }
 
-- 
cgit v1.2.3