Blame SOURCES/open-lldp-v1.0.1-29-memleak-on-received-TLVs.patch

c954eb
From 9b0389837d7532909a8070d5a08f0175c367c12e Mon Sep 17 00:00:00 2001
c954eb
From: Chris Leech <cleech@redhat.com>
c954eb
Date: Wed, 23 May 2018 16:37:51 -0700
c954eb
Subject: [PATCH] memleak on received TLVs from modules
c954eb
c954eb
Most of the TLV modules that have an rchange handler for received TLVs
c954eb
seem to get the return values wrong, returning 0 or TLV_OK without
c954eb
freeing or storing the unpacked TLV to be freed later. That leaks the
c954eb
allocation, as rxProcessFrame believes the module has claimed ownership.
c954eb
c954eb
In a test setup, it's probably easiest to see by enabling some TLV type
c954eb
on one side of a connection only.  Or, any unexpected TLV that doesn't
c954eb
get handled will be erroneously leaked by the EVB modules.
c954eb
---
c954eb
 lldp_8021qaz.c | 4 ++--
c954eb
 lldp_evb.c     | 8 +++++---
c954eb
 lldp_evb22.c   | 8 +++++---
c954eb
 3 files changed, 12 insertions(+), 8 deletions(-)
c954eb
c954eb
diff --git a/lldp_8021qaz.c b/lldp_8021qaz.c
c954eb
index 094676d..198ebcf 100644
c954eb
--- a/lldp_8021qaz.c
c954eb
+++ b/lldp_8021qaz.c
c954eb
@@ -1924,7 +1924,7 @@ int ieee8021qaz_rchange(struct port *port, struct lldp_agent *agent,
c954eb
 	struct ieee8021qaz_unpkd_tlvs *rx;
c954eb
 
c954eb
 	if (agent->type != NEAREST_BRIDGE)
c954eb
-		return 0;
c954eb
+		return SUBTYPE_INVALID;
c954eb
 
c954eb
 	qaz_tlvs = ieee8021qaz_data(port->ifname);
c954eb
 	if (!qaz_tlvs)
c954eb
@@ -2005,7 +2005,7 @@ int ieee8021qaz_rchange(struct port *port, struct lldp_agent *agent,
c954eb
 		}
c954eb
 	}
c954eb
 
c954eb
-	return TLV_OK;
c954eb
+	return SUBTYPE_INVALID;
c954eb
 }
c954eb
 
c954eb
 static void ieee8021qaz_free_rx(struct ieee8021qaz_unpkd_tlvs *rx)
c954eb
diff --git a/lldp_evb.c b/lldp_evb.c
c954eb
index 4b3752e..07f5ffb 100644
c954eb
--- a/lldp_evb.c
c954eb
+++ b/lldp_evb.c
c954eb
@@ -210,7 +210,8 @@ static int evb_rchange(struct port *port, struct lldp_agent *agent,
c954eb
 	u8 oui_subtype[OUI_SUB_SIZE] = LLDP_OUI_SUBTYPE;
c954eb
 
c954eb
 	if (agent->type != NEAREST_CUSTOMER_BRIDGE)
c954eb
-		return 0;
c954eb
+		return SUBTYPE_INVALID;
c954eb
+
c954eb
 	ed = evb_data(port->ifname, agent->type);
c954eb
 
c954eb
 	if (!ed)
c954eb
@@ -229,7 +230,7 @@ static int evb_rchange(struct port *port, struct lldp_agent *agent,
c954eb
 		if (!ed->txmit) {
c954eb
 			LLDPAD_WARN("%s:%s agent %d EVB Config disabled\n",
c954eb
 				__func__, ed->ifname, agent->type);
c954eb
-			return TLV_OK;
c954eb
+			return SUBTYPE_INVALID;
c954eb
 		}
c954eb
 
c954eb
 		LLDPAD_DBG("%s:%s agent %d received tlv:\n", __func__,
c954eb
@@ -246,7 +247,8 @@ static int evb_rchange(struct port *port, struct lldp_agent *agent,
c954eb
 		evb_print_tlvinfo(ed->ifname, &ed->tie);
c954eb
 		vdp_update(port->ifname, ed->tie.ccap);
c954eb
 	}
c954eb
-	return TLV_OK;
c954eb
+
c954eb
+	return SUBTYPE_INVALID;
c954eb
 }
c954eb
 
c954eb
 /*
c954eb
diff --git a/lldp_evb22.c b/lldp_evb22.c
c954eb
index 85c6abc..64b04e0 100644
c954eb
--- a/lldp_evb22.c
c954eb
+++ b/lldp_evb22.c
c954eb
@@ -305,7 +305,8 @@ static int evb22_rchange(struct port *port, struct lldp_agent *agent,
c954eb
 	u8 oui_subtype[OUI_SUB_SIZE] = LLDP_MOD_EVB22_OUI;
c954eb
 
c954eb
 	if (agent->type != NEAREST_CUSTOMER_BRIDGE)
c954eb
-		return 0;
c954eb
+		return SUBTYPE_INVALID;
c954eb
+
c954eb
 	ed = evb22_data(port->ifname, agent->type);
c954eb
 
c954eb
 	if (!ed)
c954eb
@@ -324,7 +325,7 @@ static int evb22_rchange(struct port *port, struct lldp_agent *agent,
c954eb
 		if (!ed->txmit) {
c954eb
 			LLDPAD_WARN("%s:%s agent %d EVB Config disabled\n",
c954eb
 				__func__, ed->ifname, agent->type);
c954eb
-			return TLV_OK;
c954eb
+			return SUBTYPE_INVALID;
c954eb
 		}
c954eb
 
c954eb
 		LLDPAD_DBG("%s:%s agent %d received tlv:\n", __func__,
c954eb
@@ -341,7 +342,8 @@ static int evb22_rchange(struct port *port, struct lldp_agent *agent,
c954eb
 		evb22_print_tlvinfo(ed->ifname, &ed->out);
c954eb
 		/* TODO vdp_update(port->ifname, ed->tie.ccap); */
c954eb
 	}
c954eb
-	return TLV_OK;
c954eb
+
c954eb
+	return SUBTYPE_INVALID;
c954eb
 }
c954eb
 
c954eb
 /*
c954eb
-- 
c954eb
2.19.1