On Mon, Nov 07, 2022 at 08:36:10PM +0100, Moritz Buhl wrote:
> Hi tech,
> Dear claudio,
>
> ctx might leak due to a prefix/rib dump new/subtree failing in calloc
> and then going to nomem in rde_dump_ctx_new.
>
> I am wondering if a similar fix is missing in rde_dump_done after
> the nomem label.
>
> thoughts?

Diff is OK claudio@

For rde_dump_done() I agree that something is missing.
It should probably be:

	imsg_compose(...
	LIST_REMOVE(ctx, entry);
	free(ctx);
	return;
	}

Since the ctx is in this case still linked on the list and needs to be
unlinked before being removed.

> mbuhl
>
> Found by CodeChecker.
>
> Index: usr.sbin/bgpd/rde.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
> retrieving revision 1.578
> diff -u -p -r1.578 rde.c
> --- usr.sbin/bgpd/rde.c 23 Sep 2022 15:49:20 -0000 1.578
> +++ usr.sbin/bgpd/rde.c 7 Nov 2022 19:17:16 -0000
> @@ -2739,6 +2739,7 @@ rde_dump_ctx_new(struct ctl_show_rib_req
> error = CTL_RES_NOMEM;
> imsg_compose(ibuf_se_ctl, IMSG_CTL_RESULT, 0, pid, -1, &error,
> sizeof(error));
> + free(ctx);
> return;
> }
>
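
Review bot: The free(ctx) added ahead of return in this error block of rde_dump_ctx_new() is only correct if ctx has not yet been linked into a list when the block is reached, and the hunk does not show that. Please confirm that every path into this block runs before ctx is inserted; otherwise it needs LIST_REMOVE(ctx, entry); before the free(ctx);, the same ordering suggested above for rde_dump_done(). A one-line comment saying ctx is still unlinked here would keep the two error paths from being confused later.
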
--
:wq Claudio
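
The distinction drawn in the reply above (a plain free() while the ctx is not yet linked, LIST_REMOVE() before free() once it is on the list), as an added example that is not part of the thread or of bgpd's code. struct dump_ctx, xalloc(), ctx_new(), ctx_done(), live_ctx and the fail_at hook are hypothetical names, and a <sys/queue.h> providing the LIST_* macros is assumed.

```c
#include <stdlib.h>
#include <sys/queue.h>

/* Hypothetical stand-in for a dump context; not bgpd's structure. */
struct dump_ctx {
	LIST_ENTRY(dump_ctx) entry;
	void *work;		/* state allocated after the ctx itself */
};
LIST_HEAD(ctx_head, dump_ctx) ctx_list = LIST_HEAD_INITIALIZER(ctx_list);
int live_ctx;			/* contexts allocated and not yet freed */
int fail_at = -1;		/* n-th upcoming allocation fails; -1 = never */

/* calloc() wrapper with a constructed failure hook for exercising error paths. */
void *xalloc(size_t n)
{
	if (fail_at >= 0 && fail_at-- == 0)
		return NULL;
	return calloc(1, n);
}

/* Setup: ctx is not linked yet, so the error path only needs free(). */
int ctx_new(void)
{
	struct dump_ctx *ctx = xalloc(sizeof(*ctx));

	if (ctx == NULL)
		return -1;
	live_ctx++;
	if ((ctx->work = xalloc(64)) == NULL) {
		free(ctx);	/* omitting this leaks ctx */
		live_ctx--;
		return -1;
	}
	LIST_INSERT_HEAD(&ctx_list, ctx, entry);
	return 0;
}

/* Completion: ctx is linked, so even the failing exit unlinks first. */
int ctx_done(struct dump_ctx *ctx)
{
	void *reply = xalloc(32);	/* constructed failure point */
	int rv = reply == NULL ? -1 : 0;

	free(reply);
	LIST_REMOVE(ctx, entry);	/* free() while linked would dangle */
	free(ctx->work);
	free(ctx);
	live_ctx--;
	return rv;
}
```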