Bug #298: tcpdump: leak of dump_if on errors - batctl - Open Mesh

Actions

Copy link

Bug #298

closed

tcpdump: leak of dump_if on errors

Added by Sven Eckelmann over 7 years ago. Updated about 7 years ago.

Status:

Closed

Priority:

Low

Assignee:

Sven Eckelmann

Target version:

batman-adv - 2017.0

Start date:

10/19/2016

Due date:

% Done:

Estimated time:

Description

Coverity reported following problem

1 new defect(s) introduced to batctl found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 153451:  Resource leaks  (RESOURCE_LEAK)
/tcpdump.c: 1304 in tcpdump()

________________________________________________________________________________________________________
*** CID 153451:  Resource leaks  (RESOURCE_LEAK)
/tcpdump.c: 1304 in tcpdump()
1298                            fflush(stdout);
1299                    }
1300     
1301            }
1302     
1303     out:
>>> CID 153451:  Resource leaks  (RESOURCE_LEAK)
>>> Overwriting "dump_if" in "dump_if = ({...})" leaks the storage that "dump_if" points to.
1304            list_for_each_entry_safe(dump_if, dump_if_tmp, &dump_if_list, list) {
1305                    if (dump_if->raw_sock >= 0)
1306                            close(dump_if->raw_sock);
1307     
1308                    list_del(&dump_if->list);
1309                    free(dump_if);

Looks like the problem is not this cleanup loop. Instead it is about a dump_if which is not completely initialized (and thus not part of this list) and then a different error happend which caused a goto to this cleanup routine. The pointer to the allocated dump_if is then overwritten by list_for_each_entry_safe without the memory of it being freed.