From f2c10f108202c350a3c16f49156b11b0cd0dfa96 Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr <neels@hofmeyr.de>
Date: Sat, 16 Dec 2017 04:05:21 +0100
Subject: ctrl: fix mem leak when handling GET_REPLY and SET_REPLY

In ctrl_handle_msg() (code recently propagated from handle_control_read()),
talloc_free() the parsed ctrl_cmd in all code paths. In particular, a free was
missing in case ctrl_cmd_handle() returns CTRL_CMD_HANDLED.

CTRL_CMD_HANDLED is triggered by GET_REPLY / SET_REPLY parsing, as show by
ctrl_test.c. With the memleak fixed, adjust expected test output and make a
detected mem leak abort the test immediately.

Change-Id: Id583b413f8b8bd16e5cf92a8a9e8663903646381
---
 src/ctrl/control_if.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src/ctrl')

diff --git a/src/ctrl/control_if.c b/src/ctrl/control_if.c
index 7c1d81ac..5c73b631 100644
--- a/src/ctrl/control_if.c
+++ b/src/ctrl/control_if.c
@@ -387,7 +387,6 @@ int ctrl_handle_msg(struct ctrl_handle *ctrl, struct ctrl_connection *ccon, stru
 		cmd->ccon = ccon;
 		if (ctrl_cmd_handle(ctrl, cmd, ctrl->data) != CTRL_CMD_HANDLED) {
 			ctrl_cmd_send(&ccon->write_queue, cmd);
-			talloc_free(cmd);
 		}
 	} else {
 		cmd = talloc_zero(ccon, struct ctrl_cmd);
@@ -398,9 +397,9 @@ int ctrl_handle_msg(struct ctrl_handle *ctrl, struct ctrl_connection *ccon, stru
 		cmd->id = "err";
 		cmd->reply = "Command parser error.";
 		ctrl_cmd_send(&ccon->write_queue, cmd);
-		talloc_free(cmd);
 	}
 
+	talloc_free(cmd);
 	return 0;
 }
 
-- 
cgit v1.2.3