[PATCH 1/2] ipcpd: Fix free in fail path of readdir

  • From: Dimitri Staessens <dimitri@ouroboros.rocks>
  • To: ouroboros@xxxxxxxxxxxxx
  • Date: Tue, 15 Feb 2022 20:23:49 +0100

The free of the buffer in the failure path of the readdir RIB
functions was taking the wrong pointer in a couple of places. The FRCT
RIB readdir was missing error handling for malloc and strdup.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
---
 src/ipcpd/unicast/dt.c                 | 2 +-
 src/ipcpd/unicast/fa.c                 | 2 +-
 src/ipcpd/unicast/routing/link-state.c | 2 +-
 src/lib/frct.c                         | 9 +++++++++
 4 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/ipcpd/unicast/dt.c b/src/ipcpd/unicast/dt.c
index 0f504daa..f2013809 100644
--- a/src/ipcpd/unicast/dt.c
+++ b/src/ipcpd/unicast/dt.c
@@ -312,7 +312,7 @@ static int dt_rib_readdir(char *** buf)
                 if ((*buf)[idx] == NULL) {
                         while (idx-- > 0)
                                 free((*buf)[idx]);
-                        free(buf);
+                        free(*buf);
                         pthread_mutex_unlock(&dt.stat[i].lock);
                         pthread_rwlock_unlock(&dt.lock);
                         return -ENOMEM;
diff --git a/src/ipcpd/unicast/fa.c b/src/ipcpd/unicast/fa.c
index 6e6d52f0..5edf77aa 100644
--- a/src/ipcpd/unicast/fa.c
+++ b/src/ipcpd/unicast/fa.c
@@ -238,7 +238,7 @@ static int fa_rib_readdir(char *** buf)
                 if ((*buf)[idx] == NULL) {
                         while (idx-- > 0)
                                 free((*buf)[idx]);
-                        free(buf);
+                        free(*buf);
                         pthread_rwlock_unlock(&fa.flows_lock);
                         return -ENOMEM;
                 }
diff --git a/src/ipcpd/unicast/routing/link-state.c 
b/src/ipcpd/unicast/routing/link-state.c
index 7ceb86a1..d6ecee99 100644
--- a/src/ipcpd/unicast/routing/link-state.c
+++ b/src/ipcpd/unicast/routing/link-state.c
@@ -273,7 +273,7 @@ static int lsdb_rib_readdir(char *** buf)
                 if ((*buf)[idx] == NULL) {
                         while (idx-- > 0)
                                 free((*buf)[idx]);
-                        free(buf);
+                        free(*buf);
                         pthread_rwlock_unlock(&ls.db_lock);
                         return -ENOMEM;
                 }
diff --git a/src/lib/frct.c b/src/lib/frct.c
index a1e792af..ff938aec 100644
--- a/src/lib/frct.c
+++ b/src/lib/frct.c
@@ -156,10 +156,19 @@ static int frct_rib_read(const char * path,
 static int frct_rib_readdir(char *** buf)
 {
         *buf = malloc(sizeof(**buf));
+        if (*buf == NULL)
+                goto fail_malloc;
 
         (*buf)[0] = strdup("frct");
+        if ((*buf)[0] == NULL)
+                goto fail_strdup;
 
         return 1;
+
+ fail_strdup:
+        free(*buf);
+ fail_malloc:
+        return -ENOMEM;
 }
 
 static int frct_rib_getattr(const char *      path,
-- 
2.35.1


Other related posts:

  • » [PATCH 1/2] ipcpd: Fix free in fail path of readdir - Dimitri Staessens