tcp: fix memleak in Follow TCP tap in error cases

If this not the first data segment and the data is somehow empty
(overlap?) or if the packet is out-of-order, the whole data fragment and
follow_record_t structure was leaked. Found by Clang Static Analyzer.

Change-Id: I81dc7749c738938b14d2cf4ad41e624b15099da6
Fixes: v2.3.0rc0-1449-g66fa31415f ("tcp: Fix Follow TCP tap data and when its tapped.")
Reviewed-on: https://code.wireshark.org/review/27348
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>

1 files changed, 6 insertions, 0 deletions

diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c
index 821bc43525..f2b6563d32 100644
--- a/epan/dissectors/packet-tcp.c
+++ b/epan/dissectors/packet-tcp.c
@@ -1065,6 +1065,7 @@ follow_tcp_tap_listener(void *tapdata, packet_info *pinfo,
     guint32 length = follow_data->tcph->th_seglen;
     guint32 data_length = tvb_captured_length(follow_data->tvb);
     guint32 newseq;
+    gboolean added_follow_record = FALSE;
 
     follow_record = g_new0(follow_record_t, 1);
 
@@ -1141,6 +1142,7 @@ follow_tcp_tap_listener(void *tapdata, packet_info *pinfo,
         if (data_length > 0) {
             follow_info->bytes_written[follow_record->is_server] += follow_record->data->len;
             follow_info->payload = g_list_append(follow_info->payload, follow_record);
+            added_follow_record = TRUE;
         }
 
         /* done with the packet, see if it caused a fragment to fit */
@@ -1160,6 +1162,10 @@ follow_tcp_tap_listener(void *tapdata, packet_info *pinfo,
             follow_info->fragments[follow_record->is_server] = g_list_append(follow_info->fragments[follow_record->is_server], frag_follow_record);
         }
     }
+    if (!added_follow_record) {
+        g_byte_array_free(follow_record->data, TRUE);
+        g_free(follow_record);
+    }
     return FALSE;
 }