vpp-swan: fix segmentation fault in arp function
This patch adds a missing file descriptor free handler to prevent
invalid dereferencing in the future
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
diff --git a/extras/strongswan/vpp_sswan/kernel_vpp_ipsec.c b/extras/strongswan/vpp_sswan/kernel_vpp_ipsec.c
index 2a0d86d..a51edcb 100644
--- a/extras/strongswan/vpp_sswan/kernel_vpp_ipsec.c
+++ b/extras/strongswan/vpp_sswan/kernel_vpp_ipsec.c
@@ -217,8 +217,8 @@
{
char *out = NULL;
int out_len = 0;
- vl_api_ip_neighbor_add_del_t *mp;
- vl_api_ip_neighbor_add_del_reply_t *rmp;
+ vl_api_ip_neighbor_add_del_t *mp = NULL;
+ vl_api_ip_neighbor_add_del_reply_t *rmp = NULL;
int rc = SUCCESS;
uint32_t sw_if_index = ~0;
@@ -231,12 +231,13 @@
unsigned char mac[8] = {
0,
};
- uint32_t addr;
+ uint32_t addr = 0;
if (if_name == NULL || ipStr == NULL)
{
DBG2 (DBG_KNL, "para is null\n");
rc = FAILED;
+ goto error;
}
DBG2 (DBG_KNL, "from kernel read mac\n");
@@ -250,7 +251,7 @@
}
fp = fopen (file, "rb");
- while ((nread = getline (&buffer, &len, fp)) != -1)
+ while (fp && ((nread = getline (&buffer, &len, fp)) != -1))
{
sscanf (buffer, "%s %*s %*s %s %*s %*s", &buf[0], &buf[1]);
inet_aton (&buf[0], &addr);
@@ -273,6 +274,7 @@
{
DBG1 (DBG_KNL, "vac %s neighbor entry",
add ? "adding" : "removing");
+ fclose (fp);
goto error;
}
rmp = (void *) out;
@@ -280,17 +282,32 @@
{
DBG1 (DBG_KNL, "%s neighbor add rv:%d", add ? "add" : "remove",
ntohl (rmp->retval));
+ fclose (fp);
goto error;
}
fclose (fp);
+ free (out);
+ vl_msg_api_free (mp);
+ free (buffer);
+
return rc;
}
}
- return rc;
+
+ if (fp != NULL)
+ {
+ fclose (fp);
+ fp = NULL;
+ }
error:
free (out);
vl_msg_api_free (mp);
+ if (buffer != NULL)
+ {
+ free (buffer);
+ buffer = NULL;
+ }
return rc;
}