2021-05-14 18:56:28

by Steve Grubb

[permalink] [raw]
Subject: [Bluez PATCH 6/6] Fix leaks in tools


req is allocated memory that must be freed. It appears all other error
paths got fail which handles this.

g_new0 allocates memory to data which must be freed.

g_malloc0 allocates memory to comp which must be freed.

---
tools/mesh-cfgclient.c | 2 +-
tools/mesh-gatt/gatt.c | 1 +
tools/mesh-gatt/node.c | 12 +++++++++---
3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/tools/mesh-cfgclient.c b/tools/mesh-cfgclient.c
index 1eeed2a1a..49069674f 100644
--- a/tools/mesh-cfgclient.c
+++ b/tools/mesh-cfgclient.c
@@ -914,7 +914,7 @@ static void cmd_import_node(int argc, char *argv[])

/* Number of elements */
if (sscanf(argv[4], "%u", &req->arg3) != 1)
- return;
+ goto fail;

/* DevKey */
req->data2 = l_util_from_hexstring(argv[5], &sz);
diff --git a/tools/mesh-gatt/gatt.c b/tools/mesh-gatt/gatt.c
index b99234f91..c8a8123fb 100644
--- a/tools/mesh-gatt/gatt.c
+++ b/tools/mesh-gatt/gatt.c
@@ -525,6 +525,7 @@ bool mesh_gatt_notify(GDBusProxy *proxy, bool enable, GDBusReturnFunction cb,
notify_io_destroy();
if (cb)
cb(NULL, user_data);
+ g_free(data);
return true;
} else {
method = "StopNotify";
diff --git a/tools/mesh-gatt/node.c b/tools/mesh-gatt/node.c
index 6afda3387..356e1cd1a 100644
--- a/tools/mesh-gatt/node.c
+++ b/tools/mesh-gatt/node.c
@@ -396,8 +396,10 @@ bool node_parse_composition(struct mesh_node *node, uint8_t *data, uint16_t len)
uint16_t vendor_id;
struct mesh_element *ele;
ele = g_malloc0(sizeof(struct mesh_element));
- if (!ele)
+ if (!ele) {
+ g_free(comp);
return false;
+ }

ele->index = i;
ele->loc = get_le16(data);
@@ -412,8 +414,10 @@ bool node_parse_composition(struct mesh_node *node, uint8_t *data, uint16_t len)
mod_id = get_le16(data);
/* initialize uppper 16 bits to 0xffff for SIG models */
mod_id |= 0xffff0000;
- if (!node_set_model(node, ele->index, mod_id))
+ if (!node_set_model(node, ele->index, mod_id)) {
+ g_free(comp);
return false;
+ }
data += 2;
len -= 2;
}
@@ -421,8 +425,10 @@ bool node_parse_composition(struct mesh_node *node, uint8_t *data, uint16_t len)
mod_id = get_le16(data + 2);
vendor_id = get_le16(data);
mod_id |= (vendor_id << 16);
- if (!node_set_model(node, ele->index, mod_id))
+ if (!node_set_model(node, ele->index, mod_id)) {
+ g_free(comp);
return false;
+ }
data += 4;
len -= 4;
}
--
2.31.1