From 0bbd4b30d618acd50bf2d6d09facf3e5f814e4ff Mon Sep 17 00:00:00 2001
From: Sander Vrijders
Date: Sat, 25 Mar 2017 12:20:05 +0100
Subject: ipcpd: normal: Avoid double free

The flow manager should clean up the buffer after the call to frct create instance has either failed or succeeded.
---
 src/ipcpd/normal/fmgr.c | 6 +++---
 src/ipcpd/normal/frct.c | 1 +
 src/ipcpd/normal/shm_pci.c | 2 --
 3 files changed, 4 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/ipcpd/normal/fmgr.c b/src/ipcpd/normal/fmgr.c
index 8cefd317..d2966d0c 100644
--- a/src/ipcpd/normal/fmgr.c
+++ b/src/ipcpd/normal/fmgr.c
@@ -489,11 +489,13 @@ int fmgr_np1_alloc(int fd,
 cep_id = frct_i_create(addr, &buf, cube);
 if (cep_id == INVALID_CEP_ID) {
- free(buf.data);
 pthread_rwlock_unlock(&fmgr.np1_flows_lock);
+ free(buf.data);
 return -1;
 }
+ free(buf->data);
+
 fmgr.np1_fd_to_cep_id[fd] = cep_id;
 fmgr.np1_cep_id_to_fd[cep_id] = fd;
@@ -721,14 +723,12 @@ int fmgr_nm1_write_buf(struct pci * pci,
 fd = pff_nhop(fmgr.pff[pci->qos_id], pci->dst_addr);
 if (fd < 0) {
 log_err("Could not get nhop for address %lu", pci->dst_addr);
- free(buf->data);
 return -1;
 }
 buffer = shm_pci_ser_buf(buf, pci);
 if (buffer == NULL) {
 log_err("Failed to serialize buffer.");
- free(buf->data);
 return -1;
 }
diff --git a/src/ipcpd/normal/frct.c b/src/ipcpd/normal/frct.c
index 62cbf9f7..8bf080ce 100644
--- a/src/ipcpd/normal/frct.c
+++ b/src/ipcpd/normal/frct.c
@@ -280,6 +280,7 @@ cep_id_t frct_i_create(uint64_t address, pthread_mutex_unlock(&frct.instances_lock); return INVALID_CEP_ID; } + id = instance->cep_id; instance->cube = cube; pthread_mutex_unlock(&frct.instances_lock);
diff --git a/src/ipcpd/normal/shm_pci.c b/src/ipcpd/normal/shm_pci.c
index 1170adff..001463eb 100644
--- a/src/ipcpd/normal/shm_pci.c
+++ b/src/ipcpd/normal/shm_pci.c
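Review bot: The added `free(buf->data);` on the success path of the fmgr_np1_alloc hunk treats `buf` as a pointer, but the same hunk passes `&buf` to frct_i_create and frees `buf.data` in the error branch, so `buf` appears to be a `buffer_t` object and the line should read `free(buf.data);` (as written it should not compile). The frees removed from fmgr_nm1_write_buf's error paths and from shm_pci_ser_buf move ownership of `buf->data` entirely to the callers; that removes the double free, but any caller outside these hunks that relied on the callee releasing the buffer would now leak it. A short contract comment on both functions, e.g. `/* Does not take ownership of buf->data; the caller frees it. */`, would make the rule explicit. fmgr_np1_alloc's body starts and ends outside the hunk.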
@@ -188,8 +188,6 @@ buffer_t * shm_pci_ser_buf(buffer_t * buf,
 memcpy(buffer->data + pci_info.head_size, buf->data, buf->len);
- free(buf->data);
-
 if (pci_info.dtc.has_chk)
 crc32((uint32_t *) (buffer->data + pci_info.head_size + buf->len),
-- 
cgit v1.2.3