diff options
author | Harald Welte <laforge@gnumonks.org> | 2017-11-08 15:24:07 +0900 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2017-11-13 23:57:58 +0900 |
commit | e2a1de5ca5ca1f7c03955fc36d7c62dc9e91d8cb (patch) | |
tree | 5f7be5842c691255eb90262c5d8f9837c7b24e22 | |
parent | 4c7d29107ff6f1f2c1e1649bc950bd098148be1a (diff) |
Properly NULL-out blacklist in alloc_ippool_blacklist()
This ensures that in case of error, any caller can still safely
call talloc_free() on the blacklist pointerm as free on NULL
is well-defined. With the code prior to this patch we fear
a double-free.
Change-Id: Idc511cb3f0dfb922920aba8f88ea77df1722ecdc
-rw-r--r-- | ggsn/ggsn.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c index 45b3116..4af044e 100644 --- a/ggsn/ggsn.c +++ b/ggsn/ggsn.c @@ -152,26 +152,30 @@ static int alloc_ippool_blacklist(struct apn_ctx *apn, struct in46_prefix **blac int flags, len, len2, i; + *blacklist = NULL; + if (ipv6) flags = IP_TYPE_IPv6_NONLINK; else flags = IP_TYPE_IPv4; while (1) { - len = tun_ip_local_get(apn->tun.tun, NULL, 0, flags); + len = netdev_ip_local_get(apn->tun.cfg.dev_name, NULL, 0, flags); if (len < 1) return len; *blacklist = talloc_zero_size(apn, len * sizeof(struct in46_prefix)); - len2 = tun_ip_local_get(apn->tun.tun, *blacklist, len, flags); + len2 = netdev_ip_local_get(apn->tun.cfg.dev_name, *blacklist, len, flags); if (len2 < 1) { talloc_free(*blacklist); + *blacklist = NULL; return len2; } - if (len2 > len) /* iface was added between 2 calls, repeat operation */ + if (len2 > len) { /* iface was added between 2 calls, repeat operation */ talloc_free(*blacklist); - else + *blacklist = NULL; + } else break; } |