[patch] relayd(8) may lose memory in relay_udp()

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[patch] relayd(8) may lose memory in relay_udp()

Igor Zinovik
        Hello, tech@ readers.

relayd(8) may lose memory allocate to varaible `cnl' (struct
ctl_natlook).  Seems that it should free `cnl' allocated memory.

--- relay_udp.c.orig Mon Jan 28 08:50:13 2008
+++ relay_udp.c Mon Jan 28 08:54:11 2008
@@ -261,6 +261,8 @@ relay_udp_server(int fd, short sig, void
  /* Save the received data */
  if (evbuffer_add(con->out.output, buf, len) == -1) {
  relay_close(con, "failed to store buffer");
+ if (cnl != NULL)
+ free(cnl);
  return;
  }

Reply | Threaded
Open this post in threaded view
|

Re: [patch] relayd(8) may lose memory in relay_udp()

patrick keshishian
On Jan 28, 2008 5:48 AM, Igor Zinovik <[hidden email]> wrote:

>         Hello, tech@ readers.
>
> relayd(8) may lose memory allocate to varaible `cnl' (struct
> ctl_natlook).  Seems that it should free `cnl' allocated memory.
>
> --- relay_udp.c.orig    Mon Jan 28 08:50:13 2008
> +++ relay_udp.c Mon Jan 28 08:54:11 2008
> @@ -261,6 +261,8 @@ relay_udp_server(int fd, short sig, void
>         /* Save the received data */
>         if (evbuffer_add(con->out.output, buf, len) == -1) {
>                 relay_close(con, "failed to store buffer");
> +               if (cnl != NULL)
> +                       free(cnl);
>                 return;
>         }

Source free(3):

     The free() function causes the space pointed to by ptr to be either
     placed on a list of free pages to make it available for future allocation
     or, if required, to be returned to the kernel using munmap(2).  If ptr is
     a null pointer, no action occurs.

The NULL check seems unnecessary.

Best,
--patrick

>
>



--
"How romantic. Two lovers' first kiss shared on
 the banks of the river Seine" -- LL as CK  (ep.72 s04e06)