diff mbox series

[BlueZ] mesh: Fix memory leak and NULL pointer dereference

Message ID 20201110042127.71045-1-inga.stotland@intel.com (mailing list archive)
State New, archived
Headers show
Series [BlueZ] mesh: Fix memory leak and NULL pointer dereference | expand

Commit Message

Stotland, Inga Nov. 10, 2020, 4:21 a.m. UTC 
This fixes a potential NULL pointer dereferencing in mesh_model_pub_set()
when virtual address publication cannot be successfully stored.
Also, fix a minor memory leak that may occur on unsuccessful model
initialization from storage.
---
 mesh/model.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Comments

bluez.test.bot@gmail.com Nov. 10, 2020, 4:46 a.m. UTC | #1 
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=380861

---Test result---

##############################
Test: CheckPatch - PASS

##############################
Test: CheckGitLint - PASS

##############################
Test: CheckBuild - PASS

##############################
Test: MakeCheck - PASS



---
Regards,
Linux Bluetooth
Brian Gix Nov. 10, 2020, 6:26 p.m. UTC | #2 
Applied

On Mon, 2020-11-09 at 20:21 -0800, Inga Stotland wrote:
> This fixes a potential NULL pointer dereferencing in mesh_model_pub_set()
> when virtual address publication cannot be successfully stored.
> Also, fix a minor memory leak that may occur on unsuccessful model
> initialization from storage.
> ---
>  mesh/model.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/mesh/model.c b/mesh/model.c
> index c8eb8c607..82078ed85 100644
> --- a/mesh/model.c
> +++ b/mesh/model.c
> @@ -1091,11 +1091,11 @@ int mesh_model_pub_set(struct mesh_node *node, uint16_t addr, uint32_t id,
>  		status = set_virt_pub(mod, pub_addr, idx, cred_flag, ttl,
>  							period, cnt, interval);
>  
> -	*pub_dst = mod->pub->addr;
> -
>  	if (status != MESH_STATUS_SUCCESS)
>  		return status;
>  
> +	*pub_dst = mod->pub->addr;
> +
>  	if (!mod->cbs)
>  		/* External model */
>  		config_update_model_pub_period(node, ele_idx, id,
> @@ -1639,8 +1639,10 @@ static struct mesh_model *model_setup(struct mesh_net *net, uint8_t ele_idx,
>  	/* Implicitly bind config server model to device key */
>  	if (db_mod->id == CONFIG_SRV_MODEL) {
>  
> -		if (ele_idx != PRIMARY_ELE_IDX)
> +		if (ele_idx != PRIMARY_ELE_IDX) {
> +			l_free(mod);
>  			return NULL;
> +		}
>  
>  		l_queue_push_head(mod->bindings,
>  					L_UINT_TO_PTR(APP_IDX_DEV_LOCAL));
diff mbox series

Patch

diff --git a/mesh/model.c b/mesh/model.c
index c8eb8c607..82078ed85 100644
--- a/mesh/model.c
+++ b/mesh/model.c
@@ -1091,11 +1091,11 @@  int mesh_model_pub_set(struct mesh_node *node, uint16_t addr, uint32_t id,
 		status = set_virt_pub(mod, pub_addr, idx, cred_flag, ttl,
 							period, cnt, interval);
 
-	*pub_dst = mod->pub->addr;
-
 	if (status != MESH_STATUS_SUCCESS)
 		return status;
 
+	*pub_dst = mod->pub->addr;
+
 	if (!mod->cbs)
 		/* External model */
 		config_update_model_pub_period(node, ele_idx, id,
@@ -1639,8 +1639,10 @@  static struct mesh_model *model_setup(struct mesh_net *net, uint8_t ele_idx,
 	/* Implicitly bind config server model to device key */
 	if (db_mod->id == CONFIG_SRV_MODEL) {
 
-		if (ele_idx != PRIMARY_ELE_IDX)
+		if (ele_idx != PRIMARY_ELE_IDX) {
+			l_free(mod);
 			return NULL;
+		}
 
 		l_queue_push_head(mod->bindings,
 					L_UINT_TO_PTR(APP_IDX_DEV_LOCAL));