Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3718665pxb; Mon, 9 Nov 2020 20:22:23 -0800 (PST) X-Google-Smtp-Source: ABdhPJxs6I5jN6ja9RXf1hZ4royHJpsxE1fqh5bCHu/DJtN6EML03CJmtHXkUMx/yzR+4PDJgoZa X-Received: by 2002:a05:6402:b8e:: with SMTP id cf14mr18252272edb.86.1604982142786; Mon, 09 Nov 2020 20:22:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604982142; cv=none; d=google.com; s=arc-20160816; b=JE8RHW7EfOCa/Y9FdSKdmcJYWnuPaqbXKKSzVGp1NgTQsWgn4ZjSBCyYclgh2vQOD+ R8E0qHJJCzNy9i1+UH1EJqMKrVA8WJGPr5GBXYONcpmUFyikPsAGdqw6AF9k2FQ3f2gT AylGkEi0ttCJ8n/DipsyJPTB9Vn1bJKdrfH+ZJ/I2mx/vCOhikxvQr2UwtApEoyTr88V cySMF6p1ktOh06X13TFe/Bva/bgvdLIEBK/An2ii2bqmbiFoiKdvsoyjWbJwDbCfvuLV T0bD5rYpWa+iQwBFIHCYjLg5GO1Lh52JNK88RwvkujxA/RPo/C+9B/cT1wqmVkqX8eSi sMeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:ironport-sdr:ironport-sdr; bh=0DGGyn6C8xkSL0LJY8bnLYuDvjYqJbJG4PNkagsA/PE=; b=h7coJnmjkLv+niCPoppgbWgtwGbWqzyidqzj3+H/T0myfHxrmQn/IIZGa7bBFeTjXk XHJ5g4Zb/20xabTL8//Tvz9hxcRw+TFDjYAaWi2hlUCiqlEcCsPqnEMAOdHpJas+MwrQ V24fpn9v+4DgskY1MzdtawHkMbgTwL7j7+/B7cv2klWfXjfnjaaWXH8VdICzqFEj3ywR buphE3+3uzTKVIoTISu3TmSUsHk48IF7mXZh6f5jNX0PHbmkAoFoXPQ2XlbaLqFsMwel 9IKJbQEffxXF+S4G9RyXBtcdp9w5OHls1TbKyoozNnlpg50zxiW94RQAS/CHCVO6mwyB P7aQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w12si8652152ejf.73.2020.11.09.20.21.45; Mon, 09 Nov 2020 20:22:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731145AbgKJEVj (ORCPT + 99 others); Mon, 9 Nov 2020 23:21:39 -0500 Received: from mga17.intel.com ([192.55.52.151]:9942 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730921AbgKJEVj (ORCPT ); Mon, 9 Nov 2020 23:21:39 -0500 IronPort-SDR: /cG/oEZ3OFSdeZLOwaTPS7LqUBsJAbsqK76PsRtcVaJTXI898qj+KsSPAdMYusuw/qgwfOxrtw JalYQkZzzjcA== X-IronPort-AV: E=McAfee;i="6000,8403,9800"; a="149765233" X-IronPort-AV: E=Sophos;i="5.77,465,1596524400"; d="scan'208";a="149765233" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Nov 2020 20:21:37 -0800 IronPort-SDR: Z/Cz0HTudo5hAXgwvd7jJLQfswHxiD57Yx1LXgmu2c2CsN59ba2HVzINqs/21yY8rk3eJwyUOL q65TzO9Dugcw== X-IronPort-AV: E=Sophos;i="5.77,465,1596524400"; d="scan'208";a="541174927" Received: from weidongc-mobl.amr.corp.intel.com (HELO ingas-nuc1.intel.com) ([10.212.33.54]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Nov 2020 20:21:37 -0800 From: Inga Stotland To: linux-bluetooth@vger.kernel.org Cc: brian.gix@intel.com, Inga Stotland Subject: [PATCH BlueZ] mesh: Fix memory leak and NULL pointer dereference Date: Mon, 9 Nov 2020 20:21:27 -0800 Message-Id: <20201110042127.71045-1-inga.stotland@intel.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This fixes a potential NULL pointer dereferencing in mesh_model_pub_set() when virtual address publication cannot be successfully stored. Also, fix a minor memory leak that may occur on unsuccessful model initialization from storage. --- mesh/model.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/mesh/model.c b/mesh/model.c index c8eb8c607..82078ed85 100644 --- a/mesh/model.c +++ b/mesh/model.c @@ -1091,11 +1091,11 @@ int mesh_model_pub_set(struct mesh_node *node, uint16_t addr, uint32_t id, status = set_virt_pub(mod, pub_addr, idx, cred_flag, ttl, period, cnt, interval); - *pub_dst = mod->pub->addr; - if (status != MESH_STATUS_SUCCESS) return status; + *pub_dst = mod->pub->addr; + if (!mod->cbs) /* External model */ config_update_model_pub_period(node, ele_idx, id, @@ -1639,8 +1639,10 @@ static struct mesh_model *model_setup(struct mesh_net *net, uint8_t ele_idx, /* Implicitly bind config server model to device key */ if (db_mod->id == CONFIG_SRV_MODEL) { - if (ele_idx != PRIMARY_ELE_IDX) + if (ele_idx != PRIMARY_ELE_IDX) { + l_free(mod); return NULL; + } l_queue_push_head(mod->bindings, L_UINT_TO_PTR(APP_IDX_DEV_LOCAL)); -- 2.26.2