This fixes a potential NULL pointer dereferencing in mesh_model_pub_set()
when virtual address publication cannot be successfully stored.
Also, fix a minor memory leak that may occur on unsuccessful model
initialization from storage.
---
mesh/model.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/mesh/model.c b/mesh/model.c
index c8eb8c607..82078ed85 100644
--- a/mesh/model.c
+++ b/mesh/model.c
@@ -1091,11 +1091,11 @@ int mesh_model_pub_set(struct mesh_node *node, uint16_t addr, uint32_t id,
status = set_virt_pub(mod, pub_addr, idx, cred_flag, ttl,
period, cnt, interval);
- *pub_dst = mod->pub->addr;
-
if (status != MESH_STATUS_SUCCESS)
return status;
+ *pub_dst = mod->pub->addr;
+
if (!mod->cbs)
/* External model */
config_update_model_pub_period(node, ele_idx, id,
@@ -1639,8 +1639,10 @@ static struct mesh_model *model_setup(struct mesh_net *net, uint8_t ele_idx,
/* Implicitly bind config server model to device key */
if (db_mod->id == CONFIG_SRV_MODEL) {
- if (ele_idx != PRIMARY_ELE_IDX)
+ if (ele_idx != PRIMARY_ELE_IDX) {
+ l_free(mod);
return NULL;
+ }
l_queue_push_head(mod->bindings,
L_UINT_TO_PTR(APP_IDX_DEV_LOCAL));
--
2.26.2
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=380861
---Test result---
##############################
Test: CheckPatch - PASS
##############################
Test: CheckGitLint - PASS
##############################
Test: CheckBuild - PASS
##############################
Test: MakeCheck - PASS
---
Regards,
Linux Bluetooth
Applied
On Mon, 2020-11-09 at 20:21 -0800, Inga Stotland wrote:
> This fixes a potential NULL pointer dereferencing in mesh_model_pub_set()
> when virtual address publication cannot be successfully stored.
> Also, fix a minor memory leak that may occur on unsuccessful model
> initialization from storage.
> ---
> mesh/model.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/mesh/model.c b/mesh/model.c
> index c8eb8c607..82078ed85 100644
> --- a/mesh/model.c
> +++ b/mesh/model.c
> @@ -1091,11 +1091,11 @@ int mesh_model_pub_set(struct mesh_node *node, uint16_t addr, uint32_t id,
> status = set_virt_pub(mod, pub_addr, idx, cred_flag, ttl,
> period, cnt, interval);
>
> - *pub_dst = mod->pub->addr;
> -
> if (status != MESH_STATUS_SUCCESS)
> return status;
>
> + *pub_dst = mod->pub->addr;
> +
> if (!mod->cbs)
> /* External model */
> config_update_model_pub_period(node, ele_idx, id,
> @@ -1639,8 +1639,10 @@ static struct mesh_model *model_setup(struct mesh_net *net, uint8_t ele_idx,
> /* Implicitly bind config server model to device key */
> if (db_mod->id == CONFIG_SRV_MODEL) {
>
> - if (ele_idx != PRIMARY_ELE_IDX)
> + if (ele_idx != PRIMARY_ELE_IDX) {
> + l_free(mod);
> return NULL;
> + }
>
> l_queue_push_head(mod->bindings,
> L_UINT_TO_PTR(APP_IDX_DEV_LOCAL));