From 0c762f107e6a5f6c56c42c0aba48f6aa9c6f1eef Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Thu, 25 Oct 2018 12:24:30 +0200
Subject: [PATCH] ip-route: Fix for memleak in error path

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1602555
Upstream Status: iproute2.git commit e5da392ff8e39

commit e5da392ff8e3979b86cad04b238ffbbc8076e005
Author: Phil Sutter <phil@nwl.cc>
Date:   Thu Oct 18 14:30:31 2018 +0200

    ip-route: Fix for memleak in error path

    If call to rta_addattr_l() failed, parse_encap_seg6() would leak memory.
    Fix this by making sure calls to free() are not skipped.

    Fixes: bd59e5b1517b0 ("ip-route: Fix segfault with many nexthops")
    Signed-off-by: Phil Sutter <phil@nwl.cc>
    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 ip/iproute_lwtunnel.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c
index 969a476..85045d4 100644
--- a/ip/iproute_lwtunnel.c
+++ b/ip/iproute_lwtunnel.c
@@ -498,6 +498,7 @@ static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp,
 	int argc = *argcp;
 	int encap = -1;
 	__u32 hmac = 0;
+	int ret = 0;
 	int srhlen;
 
 	while (argc > 0) {
@@ -539,16 +540,19 @@ static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp,
 	memcpy(tuninfo->srh, srh, srhlen);
 
 	if (rta_addattr_l(rta, len, SEG6_IPTUNNEL_SRH, tuninfo,
-			  sizeof(*tuninfo) + srhlen))
-		return -1;
-
-	free(tuninfo);
-	free(srh);
+			  sizeof(*tuninfo) + srhlen)) {
+		ret = -1;
+		goto out;
+	}
 
 	*argcp = argc + 1;
 	*argvp = argv - 1;
 
-	return 0;
+out:
+	free(tuninfo);
+	free(srh);
+
+	return ret;
 }
 
 struct lwt_x {
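Review bot: The new `out:` label in parse_encap_seg6() is now the only place where `tuninfo` and `srh` are released, but nothing at the label says so, and a later `return -1` added after the allocations would reintroduce the leak this commit fixes. A one-line comment above the label would record the contract, for example `/* common exit: tuninfo and srh are freed on success and on failure */`. Updating `*argcp` and `*argvp` only on the success path, before the label, looks correct as written. The function body starts outside the hunk, so it cannot be confirmed from here whether the allocations behind `tuninfo` and `srh` are checked before the `memcpy(tuninfo->srh, srh, srhlen)` on the first context line; that is worth verifying while this error path is being touched.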
-- 
1.8.3.1