diff options
author | Peter Wu <peter@lekensteyn.nl> | 2018-05-04 23:28:30 +0200 |
---|---|---|
committer | Dario Lombardo <lomato@gmail.com> | 2018-05-05 16:12:53 +0000 |
commit | 4c14ac075403e3f5ea5709501918c08e45272439 (patch) | |
tree | e4c94ff8678acfb316102cfe44086f1891c56af7 /epan | |
parent | 230d7d4e907d4083306bb9b84f46d5f498719a5a (diff) |
tcp: fix memleak in Follow TCP tap in error cases
If this not the first data segment and the data is somehow empty
(overlap?) or if the packet is out-of-order, the whole data fragment and
follow_record_t structure was leaked. Found by Clang Static Analyzer.
Change-Id: I81dc7749c738938b14d2cf4ad41e624b15099da6
Fixes: v2.3.0rc0-1449-g66fa31415f ("tcp: Fix Follow TCP tap data and when its tapped.")
Reviewed-on: https://code.wireshark.org/review/27348
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-tcp.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index 821bc43525..f2b6563d32 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -1065,6 +1065,7 @@ follow_tcp_tap_listener(void *tapdata, packet_info *pinfo, guint32 length = follow_data->tcph->th_seglen; guint32 data_length = tvb_captured_length(follow_data->tvb); guint32 newseq; + gboolean added_follow_record = FALSE; follow_record = g_new0(follow_record_t, 1); @@ -1141,6 +1142,7 @@ follow_tcp_tap_listener(void *tapdata, packet_info *pinfo, if (data_length > 0) { follow_info->bytes_written[follow_record->is_server] += follow_record->data->len; follow_info->payload = g_list_append(follow_info->payload, follow_record); + added_follow_record = TRUE; } /* done with the packet, see if it caused a fragment to fit */ @@ -1160,6 +1162,10 @@ follow_tcp_tap_listener(void *tapdata, packet_info *pinfo, follow_info->fragments[follow_record->is_server] = g_list_append(follow_info->fragments[follow_record->is_server], frag_follow_record); } } + if (!added_follow_record) { + g_byte_array_free(follow_record->data, TRUE); + g_free(follow_record); + } return FALSE; } |