cellular-infrastructure
/
osmo-ggsn
mirror of https://gerrit.osmocom.org/osmo-ggsn
9
0
Fork 0
Code Issues Releases Wiki Activity

Properly NULL-out blacklist in alloc_ippool_blacklist() 

This ensures that in case of error, any caller can still safely
call talloc_free() on the blacklist pointerm as free on NULL
is well-defined.  With the code prior to this patch we fear
a double-free.

Change-Id: Idc511cb3f0dfb922920aba8f88ea77df1722ecdc
This commit is contained in:
Harald Welte 2017-11-08 15:24:07 +09:00
parent 4c7d29107f
commit e2a1de5ca5
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ggsn/ggsn.c
View File

@ -152,26 +152,30 @@ static int alloc_ippool_blacklist(struct apn_ctx *apn, struct in46_prefix **blac
int flags, len, len2, i;
*blacklist = NULL;
if (ipv6)
flags = IP_TYPE_IPv6_NONLINK;
else
flags = IP_TYPE_IPv4;
while (1) {
len = tun_ip_local_get(apn->tun.tun, NULL, 0, flags);
len = netdev_ip_local_get(apn->tun.cfg.dev_name, NULL, 0, flags);
if (len < 1)
return len;
*blacklist = talloc_zero_size(apn, len * sizeof(struct in46_prefix));
len2 = tun_ip_local_get(apn->tun.tun, *blacklist, len, flags);
len2 = netdev_ip_local_get(apn->tun.cfg.dev_name, *blacklist, len, flags);
if (len2 < 1) {
talloc_free(*blacklist);
*blacklist = NULL;
return len2;
}
if (len2 > len) /* iface was added between 2 calls, repeat operation */
if (len2 > len) { /* iface was added between 2 calls, repeat operation */
talloc_free(*blacklist);
else
*blacklist = NULL;
} else
break;
}