From 139001b60b32e756e947d6e3a55767be9063029d Mon Sep 17 00:00:00 2001
From: dimitri staessens <dimitri.staessens@intec.ugent.be>
Date: Thu, 4 Aug 2016 12:53:28 +0200
Subject: ipcpd: Fix memory leaks

ipcp-data was not correctly destroyed.
---
 src/irmd/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/irmd')

diff --git a/src/irmd/main.c b/src/irmd/main.c
index 1c731788..b3228789 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -1464,7 +1464,7 @@ void * irm_flow_cleaner()
         }
 }
 
-void clean_msg(void * msg)
+static void clean_msg(void * msg)
 {
         irm_msg__free_unpacked(msg, NULL);
 }
-- 
cgit v1.2.3


From 2567329483ab1fe5384782da50e06aa0bbdd3cfe Mon Sep 17 00:00:00 2001
From: dimitri staessens <dimitri.staessens@intec.ugent.be>
Date: Thu, 4 Aug 2016 15:25:42 +0200
Subject: irmd: Fix destroying allocated flows

When a flow was in FLOW_ALLOCATED state, it would not change to NULL
state and irm_flow_destroy would hang forever.
---
 src/ipcpd/ipcp.c |  2 +-
 src/irmd/main.c  | 23 ++++++++++++++++-------
 2 files changed, 17 insertions(+), 8 deletions(-)

(limited to 'src/irmd')

diff --git a/src/ipcpd/ipcp.c b/src/ipcpd/ipcp.c
index 6b76f20e..9ecc411d 100644
--- a/src/ipcpd/ipcp.c
+++ b/src/ipcpd/ipcp.c
@@ -91,7 +91,7 @@ static void close_ptr(void * o)
         close(*((int *) o));
 }
 
-static void clean_msg (void * msg)
+static void clean_msg(void * msg)
 {
          ipcp_msg__free_unpacked(msg, NULL);
 }
diff --git a/src/irmd/main.c b/src/irmd/main.c
index b3228789..8c19990a 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -151,11 +151,13 @@ static void irm_flow_destroy(struct irm_flow * e)
 
         if (e->state == FLOW_PENDING)
                 e->state = FLOW_DESTROY;
+        else
+                e->state = FLOW_NULL;
 
         pthread_cond_signal(&e->state_cond);
         pthread_mutex_unlock(&e->state_lock);
 
-        pthread_cleanup_push((void(*)(void *)) pthread_mutex_unlock,
+        pthread_cleanup_push((void (*)(void *)) pthread_mutex_unlock,
                              (void *) &e->state_lock);
 
         while (e->state != FLOW_NULL)
@@ -942,6 +944,14 @@ static struct irm_flow * flow_alloc(pid_t  api,
         return pme;
 }
 
+static void cleanup_alloc_res(void * o)
+{
+        struct irm_flow * e = (struct irm_flow *) o;
+        if (e->state == FLOW_PENDING)
+                e->state = FLOW_NULL;
+        pthread_mutex_unlock(&e->state_lock);
+}
+
 static int flow_alloc_res(int port_id)
 {
         struct irm_flow * e;
@@ -979,8 +989,7 @@ static int flow_alloc_res(int port_id)
         pthread_rwlock_unlock(&irmd->state_lock);
 
         pthread_mutex_lock(&e->state_lock);
-        pthread_cleanup_push((void(*)(void *))pthread_mutex_unlock,
-                             (void*) &e->state_lock);
+        pthread_cleanup_push(cleanup_alloc_res, (void *) e);
 
         while (e->state == FLOW_PENDING)
                 pthread_cond_wait(&e->state_cond, &e->state_lock);
@@ -1035,7 +1044,7 @@ static int flow_dealloc(int port_id)
 
         pthread_rwlock_unlock(&irmd->state_lock);
 
-        free(e);
+        irm_flow_destroy(e);
 
         return ret;
 }
@@ -1147,7 +1156,7 @@ static struct irm_flow * flow_req_arr(pid_t  api,
                 pthread_rwlock_unlock(&irmd->reg_lock);
 
                 pthread_mutex_lock(&rne->state_lock);
-                pthread_cleanup_push((void(*)(void *)) pthread_mutex_unlock,
+                pthread_cleanup_push((void (*)(void *)) pthread_mutex_unlock,
                                      (void *) &rne->state_lock);
 
                 while (rne->state == REG_NAME_AUTO_EXEC)
@@ -1203,7 +1212,7 @@ static struct irm_flow * flow_req_arr(pid_t  api,
 
         pthread_rwlock_unlock(&irmd->state_lock);
 
-        pthread_cleanup_push((void(*)(void *)) pthread_mutex_unlock,
+        pthread_cleanup_push((void (*)(void *)) pthread_mutex_unlock,
                              (void *) &rne->state_lock);
 
         while (rne->state == REG_NAME_FLOW_ARRIVED &&
@@ -1268,7 +1277,7 @@ static int flow_dealloc_ipcp(int port_id)
         pthread_rwlock_unlock(&irmd->flows_lock);
         pthread_rwlock_unlock(&irmd->state_lock);
 
-        free(e);
+        irm_flow_destroy(e);
 
         return 0;
 }
-- 
cgit v1.2.3


From dd808dd6cd7eb4690bfc009eb8dd8150944f75b6 Mon Sep 17 00:00:00 2001
From: dimitri staessens <dimitri.staessens@intec.ugent.be>
Date: Thu, 4 Aug 2016 16:39:00 +0200
Subject: irmd: Fix potential object access after free

---
 src/irmd/main.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/irmd')

diff --git a/src/irmd/main.c b/src/irmd/main.c
index 8c19990a..f2a6733d 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -1434,6 +1434,7 @@ void * irm_flow_cleaner()
                                 if (n_rb != NULL)
                                         shm_ap_rbuff_destroy(n_rb);
                                 irm_flow_destroy(e);
+                                continue;
                         }
                         if (kill(e->n_1_api, 0) < 0) {
                                 struct shm_ap_rbuff * n_1_rb =
-- 
cgit v1.2.3


From 2164c4ce67acde4282a579937a784647b66f4d72 Mon Sep 17 00:00:00 2001
From: dimitri staessens <dimitri.staessens@intec.ugent.be>
Date: Thu, 4 Aug 2016 16:59:31 +0200
Subject: tools: oping: Fix division by zero

When killing the oping client before it sent an SDU, some bad
operations were being performed.
---
 src/irmd/main.c                |  8 ++++----
 src/irmd/registry.c            |  2 +-
 src/tools/oping/oping_client.c | 23 ++++++++++++++---------
 3 files changed, 19 insertions(+), 14 deletions(-)

(limited to 'src/irmd')

diff --git a/src/irmd/main.c b/src/irmd/main.c
index f2a6733d..0c1cd25d 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -657,10 +657,10 @@ static int ap_reg(char *  name,
                                 LOG_ERR("Could not register %s in DIF %s.",
                                         name, e->dif_name);
                         } else {
-                                if(registry_add_name_to_dif(&irmd->registry,
-                                                            name,
-                                                            e->dif_name,
-                                                            e->type) < 0)
+                                if (registry_add_name_to_dif(&irmd->registry,
+                                                             name,
+                                                             e->dif_name,
+                                                             e->type) < 0)
                                         LOG_WARN("Registered unbound name %s. "
                                                  "Registry may be inconsistent",
                                                  name);
diff --git a/src/irmd/registry.c b/src/irmd/registry.c
index a1d1238d..fc7213ab 100644
--- a/src/irmd/registry.c
+++ b/src/irmd/registry.c
@@ -210,7 +210,7 @@ static struct reg_entry * reg_entry_create()
 }
 
 static struct reg_entry * reg_entry_init(struct reg_entry * e,
-                                  char *             name)
+                                         char *             name)
 {
         if (e == NULL || name == NULL)
                 return NULL;
diff --git a/src/tools/oping/oping_client.c b/src/tools/oping/oping_client.c
index 23a57549..7693ce41 100644
--- a/src/tools/oping/oping_client.c
+++ b/src/tools/oping/oping_client.c
@@ -212,16 +212,21 @@ int client_main()
         printf("--- %s ping statistics ---\n", client.s_apn);
         printf("%d SDU's transmitted, ", client.sent);
         printf("%d received, ", client.rcvd);
-        printf("%d%% packet loss, ", 100 - ((100 * client.rcvd) / client.sent));
+        printf("%d%% packet loss, ", client.sent == 0 ? 0 :
+               100 - ((100 * client.rcvd) / client.sent));
         printf("time: %.3f ms\n", ts_diff_us(&tic, &toc) / 1000.0);
-        printf("rtt min/avg/max/mdev = %.3f/%.3f/%.3f/",
-               client.rtt_min,
-               client.rtt_avg,
-               client.rtt_max);
-        client.rcvd > 1 ?
-                printf("%.3f ms\n",
-                       sqrt(client.rtt_m2 / (float) (client.rcvd - 1))) :
-                printf("Nan ms\n");
+
+        if (client.rcvd > 0) {
+                printf("rtt min/avg/max/mdev = %.3f/%.3f/%.3f/",
+                       client.rtt_min,
+                       client.rtt_avg,
+                       client.rtt_max);
+                if (client.rcvd > 1)
+                        printf("%.3f ms\n",
+                               sqrt(client.rtt_m2 / (float) (client.rcvd - 1)));
+                else
+                        printf("NaN ms\n");
+        }
 
         pthread_mutex_lock(&client.lock);
         free(client.times);
-- 
cgit v1.2.3


From 88fb2d900e12f65265207cc39b2d19b8a095d1b4 Mon Sep 17 00:00:00 2001
From: dimitri staessens <dimitri.staessens@intec.ugent.be>
Date: Thu, 4 Aug 2016 17:02:34 +0200
Subject: irmd: Remove ipcp type from registration message

---
 src/irmd/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/irmd')

diff --git a/src/irmd/main.c b/src/irmd/main.c
index 0c1cd25d..69ce765c 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -664,8 +664,8 @@ static int ap_reg(char *  name,
                                         LOG_WARN("Registered unbound name %s. "
                                                  "Registry may be inconsistent",
                                                  name);
-                                LOG_INFO("Registered %s in %s %d.",
-                                         name, e->dif_name, e->type);
+                                LOG_INFO("Registered %s in %s.",
+                                         name, e->dif_name);
                                 ++ret;
                         }
                 }
-- 
cgit v1.2.3