The variable new_sockname leaks and sockname is freed twice when both of
the following conditions hold:
1. realloc succeeds but returns a pointer different from the original
2. the call to socket_func fails
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Reviewed-by: Arnaud Fontaine <arnau@debian.org>
Signed-off-by: Peter Harris <pharris@opentext.com>
{
socklen_t socknamelen = sizeof(struct sockaddr) + INITIAL_SOCKNAME_SLACK;
socklen_t actual_socknamelen = socknamelen;
{
socklen_t socknamelen = sizeof(struct sockaddr) + INITIAL_SOCKNAME_SLACK;
socklen_t actual_socknamelen = socknamelen;
- struct sockaddr *sockname = malloc(socknamelen), *new_sockname = NULL;
+ struct sockaddr *sockname = malloc(socknamelen);
if (sockname == NULL)
return NULL;
if (sockname == NULL)
return NULL;
if (actual_socknamelen > socknamelen)
{
if (actual_socknamelen > socknamelen)
{
+ struct sockaddr *new_sockname = NULL;
socknamelen = actual_socknamelen;
socknamelen = actual_socknamelen;
- if ((new_sockname = realloc(sockname, actual_socknamelen)) == NULL ||
- socket_func(fd, new_sockname, &actual_socknamelen) == -1 ||
- actual_socknamelen > socknamelen)
+ if ((new_sockname = realloc(sockname, actual_socknamelen)) == NULL)
goto sock_or_realloc_error;
sockname = new_sockname;
goto sock_or_realloc_error;
sockname = new_sockname;
+
+ if (socket_func(fd, sockname, &actual_socknamelen) == -1 ||
+ actual_socknamelen > socknamelen)
+ goto sock_or_realloc_error;
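Review bot: The assignment `sockname = new_sockname;` must now stay ahead of every `goto sock_or_realloc_error` that follows a successful realloc, and nothing in the code records that ordering requirement. The cleanup label is outside the visible lines, but the commit message implies it frees `sockname`, so a later edit that folds the socket_func retry back into the realloc condition would presumably reintroduce the double free and the leak. I would add a comment above the assignment, for example `/* realloc may have moved the block; update sockname before any goto so the error path frees the live pointer */`. The enclosing function starts and ends outside this hunk.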