From c9232acef855b51d1bc199a68c03c0695ac11192 Mon Sep 17 00:00:00 2001 From: Sander Vrijders Date: Fri, 21 Jun 2019 19:09:14 +0200 Subject: ipcpd: Fix use after free and uninitalized value This fixes a use after free in an error condition, and makes sure that pid is set in the flow_set early on, so flow_set_destroy won't create a prefix with an uninitialized pid in case of an error in shm_flow_set_create. Signed-off-by: Sander Vrijders Signed-off-by: Dimitri Staessens --- src/ipcpd/normal/fa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/ipcpd') diff --git a/src/ipcpd/normal/fa.c b/src/ipcpd/normal/fa.c index 76942143..fbcbc6fa 100644 --- a/src/ipcpd/normal/fa.c +++ b/src/ipcpd/normal/fa.c @@ -166,8 +166,8 @@ static void * fa_handle_packet(void * o) buf = malloc(sizeof(*msg) + ipcp_dir_hash_len()); if (buf == NULL) { log_err("Failed to allocate memory."); - free(cmd); ipcp_sdb_release(cmd->sdb); + free(cmd); continue; } -- cgit v1.2.3