Fix memory leak in daemon_unpackapplyfilter() error paths#1640
Fix memory leak in daemon_unpackapplyfilter() error paths#1640nidu-ninja wants to merge 1 commit intothe-tcpdump-group:masterfrom
Conversation
|
Please put the commit message into the commit rather than request description and keep the existing indentation style. |
nidu-ninja
force-pushed
the
rpcapd-error-path-leak
branch
from
7b563c7 to
b76ffe6
Compare
|
For reference, this problem has been known as Coverity CID 1641537. |
| static int | ||
| daemon_unpackapplyfilter(PCAP_SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32_t *plenp, char *errmsgbuf) | ||
| { | ||
| int status; |
There was a problem hiding this comment.
As @infrastation said, please don't change the indentation style - it makes it difficult to see what the real changes are.
|
Avoid merge, use rebase on top of master. |
allocated BPF instruction memory was not freed on early-return error paths. This change introduces a structured cleanup block to ensure allocated memory is released when instruction reception, validation, or filter application fails.
nidu-ninja
force-pushed
the
rpcapd-error-path-leak
branch
from
7dc5fea to
d78dff8
Compare
| (EOA) as of December 31, 2017 | ||
| Make pcap_compile() error messages more uniform and consistent. | ||
| Deprecate pcap_compile_nopcap(). | ||
| Deprecate bpf_filter(). |
There was a problem hiding this comment.
That's a change for 1.10.7, not 1.11.0.
| Fix DECnet packet filtering on big-endian hosts. | ||
| Fix various failures to reject invalid DECnet primitives. | ||
| Require "vpi" and "vci" values to be within valid ranges. | ||
| Initialize the scratch memory store to 0. |
There was a problem hiding this comment.
This is the only change that you should be making to the CHANGES file.
| In "gateway" negate the host(s), but not the protocol. | ||
| Reject "gateway" within MPLS, VXLAN or Geneve. | ||
| In "net <n> mask <m>" catch ENOMEM for the "m" too. | ||
| Match both byte orders for the AF_ value when filtering DLT_NULL |
| Discuss Linux BPF extensions in the man pages. | ||
| Note endianness in pcap_compile(3PCAP) and pcap_lookupnet(3PCAP). | ||
| man: Document devices, interfaces and "any" better. | ||
| Remove list of OSes that support "ipv6-icmp"; all the ones we |
There was a problem hiding this comment.
This is another 1.10.7 change that should not be added here.
| Remove list of OSes that support "ipv6-icmp"; all the ones we | ||
| support appear to do so. | ||
| Add a README.qnx.md file. | ||
| Improve dcumentation of TLS supprt in rpcapd man page. |
There was a problem hiding this comment.
Don't remove existing CHANGES entries.
| QNX: | ||
| Disable zero-copy BPF to work around portability issues. | ||
| Use "unix.h" instead of the missing <sysexits.h>. | ||
| RDMA: |
There was a problem hiding this comment.
Don't remove existing CHANGES entries and don't remove the 1.10.7 set of changes.
|
It appears that you don't have the current version of the CHANGES file as the baseline for your change. Please fix that. |
|
Whitespaces change problem. Please fix. |
4 participants
Fix a memory leak in daemon_unpackapplyfilter() where dynamically
allocated BPF instruction memory was not freed on early-return
error paths.
This change introduces a structured cleanup block to ensure
allocated memory is released when instruction reception,
validation, or filter application fails.