- relay_cmd was not freed on error.
- newsock is a pointer. A pointer is always > 0. (unsigned comparison)
- The if / else if chain could lead to newsock being dereferenced while NULL.
- missing lttcomm_destroy_sock on newsock on setsockopt error.
Memory and FD leak.
Signed-off-by: Christian Babeux <christian.babeux@efficios.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David Goulet <dgoulet@efficios.com>
struct lttng_poll_event events;
struct lttcomm_sock *control_sock, *data_sock;
struct lttng_poll_event events;
struct lttcomm_sock *control_sock, *data_sock;
- /*
- * Get allocated in this thread, enqueued to a global queue, dequeued and
- * freed in the worker thread.
- */
- struct relay_command *relay_cmd = NULL;
-
DBG("[thread] Relay listener started");
control_sock = relay_init_sock(control_uri);
DBG("[thread] Relay listener started");
control_sock = relay_init_sock(control_uri);
ERR("socket poll error");
goto error;
} else if (revents & LPOLLIN) {
ERR("socket poll error");
goto error;
} else if (revents & LPOLLIN) {
- struct lttcomm_sock *newsock = NULL;
+ /*
+ * Get allocated in this thread,
+ * enqueued to a global queue, dequeued
+ * and freed in the worker thread.
+ */
+ struct relay_command *relay_cmd;
+ struct lttcomm_sock *newsock;
relay_cmd = zmalloc(sizeof(struct relay_command));
if (relay_cmd == NULL) {
relay_cmd = zmalloc(sizeof(struct relay_command));
if (relay_cmd == NULL) {
if (pollfd == data_sock->fd) {
newsock = data_sock->ops->accept(data_sock);
if (pollfd == data_sock->fd) {
newsock = data_sock->ops->accept(data_sock);
PERROR("accepting data sock");
PERROR("accepting data sock");
goto error;
}
relay_cmd->type = RELAY_DATA;
DBG("Relay data connection accepted, socket %d", newsock->fd);
goto error;
}
relay_cmd->type = RELAY_DATA;
DBG("Relay data connection accepted, socket %d", newsock->fd);
- } else if (pollfd == control_sock->fd) {
+ } else {
+ assert(pollfd == control_sock->fd);
newsock = control_sock->ops->accept(control_sock);
newsock = control_sock->ops->accept(control_sock);
PERROR("accepting control sock");
PERROR("accepting control sock");
goto error;
}
relay_cmd->type = RELAY_CONTROL;
goto error;
}
relay_cmd->type = RELAY_CONTROL;
&val, sizeof(int));
if (ret < 0) {
PERROR("setsockopt inet");
&val, sizeof(int));
if (ret < 0) {
PERROR("setsockopt inet");
+ lttcomm_destroy_sock(newsock);
+ free(relay_cmd);
goto error;
}
relay_cmd->sock = newsock;
goto error;
}
relay_cmd->sock = newsock;
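Review bot: The `assert(pollfd == control_sock->fd);` that replaces the `else if` is now the only check that the ready descriptor is the control socket, and it is compiled out when the file is built with NDEBUG. In such a build any descriptor other than `data_sock->fd` that reports LPOLLIN would reach `control_sock->ops->accept(control_sock)`; whether the poll set can hold such a descriptor at this point is not visible here. A runtime check keeps the fix for the unassigned `newsock` and fails closed in every build: keep `} else if (pollfd == control_sock->fd) {` and add a final `} else { ERR("unexpected poll fd"); free(relay_cmd); goto error; }`. The enclosing function starts and ends outside the visible lines, so the cleanup done at `error` could not be checked.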