From a59b71095a84dcbd7c3684639acf3dd3097bd3f2 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Sun, 16 Feb 2020 16:17:20 +0100 Subject: ipcpd: Fix double free, memleak and malloc check Some fixes in the multipath implementation related to memory management that showed up with the static analyzer. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/ipcpd/unicast/pol/graph.c | 9 +++++---- src/ipcpd/unicast/pol/multipath_pff.c | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'src/ipcpd/unicast') diff --git a/src/ipcpd/unicast/pol/graph.c b/src/ipcpd/unicast/pol/graph.c index 1e095ba4..a3689ad6 100644 --- a/src/ipcpd/unicast/pol/graph.c +++ b/src/ipcpd/unicast/pol/graph.c @@ -734,14 +734,14 @@ static int graph_routing_table_ecmp(struct graph * graph, src_v = find_vertex_by_addr(graph, s_addr); if (src_v == NULL) - goto fail_dijkstra; + goto fail_src_v; list_for_each(p, &src_v->edges) { int * tmp_dist; e = list_entry(p, struct edge, next); if (dijkstra(graph, e->nb->addr, &nhops, &tmp_dist)) - goto fail_dijkstra; + goto fail_src_v; free(nhops); @@ -751,7 +751,7 @@ static int graph_routing_table_ecmp(struct graph * graph, n = malloc(sizeof(*n)); if (n == NULL) { free(tmp_dist); - goto fail_dijkstra; + goto fail_src_v; } n->nhop = e->nb->addr; list_add_tail(&n->next, &forwarding[v->index]); @@ -796,9 +796,10 @@ static int graph_routing_table_ecmp(struct graph * graph, fail_t: free_routing_table(table); + fail_src_v: + free(*dist); fail_dijkstra: free(forwarding); - free(*dist); fail_vertices: *dist = NULL; return -1; diff --git a/src/ipcpd/unicast/pol/multipath_pff.c b/src/ipcpd/unicast/pol/multipath_pff.c index 8f619006..0fe101bc 100644 --- a/src/ipcpd/unicast/pol/multipath_pff.c +++ b/src/ipcpd/unicast/pol/multipath_pff.c @@ -132,7 +132,7 @@ int multipath_pff_update(struct pff_i * pff_i, assert(len > 0); tmp = malloc(sizeof(*tmp)); - if (fds == NULL) + if (tmp == NULL) return -ENOMEM; memcpy(tmp,fds, len * sizeof(*tmp)); @@ -142,7 +142,7 @@ int multipath_pff_update(struct pff_i * pff_i, return -1; } - if (pft_insert(pff_i->pft, addr, fds, 1)) { + if (pft_insert(pff_i->pft, addr, tmp, 1)) { free(tmp); return -1; } -- cgit v1.2.3