From e2a1de5ca5ca1f7c03955fc36d7c62dc9e91d8cb Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Wed, 8 Nov 2017 15:24:07 +0900
Subject: Properly NULL-out blacklist in alloc_ippool_blacklist()

This ensures that in case of error, any caller can still safely call talloc_free() on the blacklist pointerm as free on NULL is well-defined. With the code prior to this patch we fear a double-free.

Change-Id: Idc511cb3f0dfb922920aba8f88ea77df1722ecdc
---
 ggsn/ggsn.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'ggsn')
diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index 45b3116..4af044e 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -152,26 +152,30 @@ static int alloc_ippool_blacklist(struct apn_ctx *apn, struct in46_prefix **blac
  int flags, len, len2, i;
+ *blacklist = NULL;
+
  if (ipv6)
  flags = IP_TYPE_IPv6_NONLINK;
  else
  flags = IP_TYPE_IPv4;
  while (1) {
- len = tun_ip_local_get(apn->tun.tun, NULL, 0, flags);
+ len = netdev_ip_local_get(apn->tun.cfg.dev_name, NULL, 0, flags);
  if (len < 1)
  return len;
  *blacklist = talloc_zero_size(apn, len * sizeof(struct in46_prefix));
- len2 = tun_ip_local_get(apn->tun.tun, *blacklist, len, flags);
+ len2 = netdev_ip_local_get(apn->tun.cfg.dev_name, *blacklist, len, flags);
  if (len2 < 1) {
  talloc_free(*blacklist);
+ *blacklist = NULL;
  return len2;
  }
- if (len2 > len) /* iface was added between 2 calls, repeat operation */
+ if (len2 > len) { /* iface was added between 2 calls, repeat operation */
  talloc_free(*blacklist);
- else
+ *blacklist = NULL;
+ } else
  break;
  }
-- 
cgit v1.2.3
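Review bot: The result of `talloc_zero_size()` inside the loop is still handed to the second `netdev_ip_local_get()` call without a NULL check, so on allocation failure the callee receives a NULL buffer together with a non-zero `len`; whether it tolerates that is not visible in this hunk. Adding `if (!*blacklist) return -ENOMEM;` directly after the allocation (or whichever negative code the callers expect) would keep the "pointer is NULL on every error return" guarantee this commit introduces, and `talloc_zero_array(apn, struct in46_prefix, len)` would additionally cover the `len * sizeof(...)` multiplication. As a style point, `} else` followed by an unbraced `break;` mixes braced and unbraced branches; bracing both avoids a later edit silently falling outside the `else`. alloc_ippool_blacklist() starts and ends outside the hunk, so a short comment above it stating that `*blacklist` is NULL on error and owned by the caller on success would be worth adding if it is not already there.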