From 9614b7b5ad422b628e72e8a2e90e471b176e14a1 Mon Sep 17 00:00:00 2001
From: dimitri staessens <dimitri.staessens@ugent.be>
Date: Tue, 28 Mar 2017 11:05:18 +0200
Subject: ipcpd: Fix use-after-free in frct

---
 src/ipcpd/normal/frct.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/ipcpd')

diff --git a/src/ipcpd/normal/frct.c b/src/ipcpd/normal/frct.c
index 01bdb660..017d0d93 100644
--- a/src/ipcpd/normal/frct.c
+++ b/src/ipcpd/normal/frct.c
@@ -371,10 +371,11 @@ int frct_i_destroy(cep_id_t   id,
         pci.qos_id = instance->cube;
 
         frct.instances[id] = NULL;
-        destroy_frct_i(instance);
 
         release_cep_id(instance->cep_id);
 
+        destroy_frct_i(instance);
+
         pthread_mutex_unlock(&frct.instances_lock);
 
         if (buf != NULL && buf->data != NULL)
-- 
cgit v1.2.3


From 568803fce010565f8688a2a48614da083a264cf8 Mon Sep 17 00:00:00 2001
From: dimitri staessens <dimitri.staessens@ugent.be>
Date: Tue, 28 Mar 2017 11:09:34 +0200
Subject: ipcpd: Fix memleaks in fmgr

---
 src/ipcpd/normal/fmgr.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/ipcpd')

diff --git a/src/ipcpd/normal/fmgr.c b/src/ipcpd/normal/fmgr.c
index 5a1bd842..6d1694ab 100644
--- a/src/ipcpd/normal/fmgr.c
+++ b/src/ipcpd/normal/fmgr.c
@@ -579,6 +579,7 @@ int fmgr_np1_alloc_resp(int fd,
                 ipcp_flow_get_qoscube(fd, &cube);
                 if (frct_i_accept(fmgr.np1_fd_to_cep_id[fd], &buf, cube)) {
                         pthread_rwlock_unlock(&fmgr.np1_flows_lock);
+                        free(buf.data);
                         return -1;
                 }
                 flow_set_add(fmgr.np1_set[cube], fd);
@@ -586,6 +587,8 @@ int fmgr_np1_alloc_resp(int fd,
 
         pthread_rwlock_unlock(&fmgr.np1_flows_lock);
 
+        free(buf.data);
+
         return 0;
 }
 
@@ -753,6 +756,7 @@ int fmgr_nm1_write_buf(struct pci * pci,
                 return -1;
         }
 
+        free(buffer->data);
         free(buffer);
         return 0;
 }
-- 
cgit v1.2.3