From 2e9fc523bdce411697016ab9c6778b121813bea0 Mon Sep 17 00:00:00 2001 From: ngie Date: Fri, 13 Jan 2017 09:01:09 +0000 Subject: MFC r311390: snmp_table_fetch_async: don't leak `work` if snmp_pdu_send(..) fails CID: 1017276 --- contrib/bsnmp/lib/snmpclient.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'contrib/bsnmp/lib/snmpclient.c') diff --git a/contrib/bsnmp/lib/snmpclient.c b/contrib/bsnmp/lib/snmpclient.c index 90b7d4a..80b85eb 100644 --- a/contrib/bsnmp/lib/snmpclient.c +++ b/contrib/bsnmp/lib/snmpclient.c @@ -728,8 +728,11 @@ snmp_table_fetch_async(const struct snmp_table *descr, void *list, work->last_change = 0; table_init_pdu(descr, &work->pdu); - if (snmp_pdu_send(&work->pdu, table_cb, work) == -1) + if (snmp_pdu_send(&work->pdu, table_cb, work) == -1) { + free(work); + work = NULL; return (-1); + } return (0); } -- cgit v1.1 From 75f9b073cb56727e69db95f16adf961ad6435eda Mon Sep 17 00:00:00 2001 From: ngie Date: Sat, 4 Feb 2017 15:45:51 +0000 Subject: MFC r311263: Use calloc instead of malloc with buffers in snmp_{recv,send}_packet This doesn't fix the issue noted in the PR, but at the very least it cleans up the error so it looks a bit more sane, and in the event that bsnmp did wander off into the weeds, the likelihood of it crashing with more sensible output is greater, in my opinion MFC counter set high so I have enough time to resolve the real underlying bug in bsnmpwalk PR: 215721 --- contrib/bsnmp/lib/snmpclient.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'contrib/bsnmp/lib/snmpclient.c') diff --git a/contrib/bsnmp/lib/snmpclient.c b/contrib/bsnmp/lib/snmpclient.c index 80b85eb..10c58f5 100644 --- a/contrib/bsnmp/lib/snmpclient.c +++ b/contrib/bsnmp/lib/snmpclient.c @@ -1234,7 +1234,7 @@ snmp_send_packet(struct snmp_pdu * pdu) struct asn_buf b; ssize_t ret; - if ((buf = malloc(snmp_client.txbuflen)) == NULL) { + if ((buf = calloc(1, snmp_client.txbuflen)) == NULL) { seterr(&snmp_client, "%s", strerror(errno)); return (-1); } @@ -1259,7 +1259,7 @@ snmp_send_packet(struct snmp_pdu * pdu) } free(buf); - return pdu->request_id; + return (pdu->request_id); } /* @@ -1355,7 +1355,7 @@ snmp_receive_packet(struct snmp_pdu *pdu, struct timeval *tv) socklen_t optlen; #endif - if ((buf = malloc(snmp_client.rxbuflen)) == NULL) { + if ((buf = calloc(1, snmp_client.rxbuflen)) == NULL) { seterr(&snmp_client, "%s", strerror(errno)); return (-1); } -- cgit v1.1