mesh: Fix memory leak and NULL pointer dereference

This fixes a potential NULL pointer dereferencing in mesh_model_pub_set()
when virtual address publication cannot be successfully stored.
Also, fix a minor memory leak that may occur on unsuccessful model
initialization from storage.

Change-Id: Ic5de82e7109237c7aa411e27c544b5fe2164a3d4
Signed-off-by: anuj.bhumiya <anuj.bhumiya@samsung.com>

diff --git a/mesh/model.c b/mesh/model.c
index c8eb8c6..82078ed 100644 (file)
--- a/mesh/model.c
+++ b/mesh/model.c
@@ -1091,11 +1091,11 @@ int mesh_model_pub_set(struct mesh_node *node, uint16_t addr, uint32_t id,
                status = set_virt_pub(mod, pub_addr, idx, cred_flag, ttl,
                                                        period, cnt, interval);
 
-       *pub_dst = mod->pub->addr;
-
        if (status != MESH_STATUS_SUCCESS)
                return status;
 
+       *pub_dst = mod->pub->addr;
+
        if (!mod->cbs)
                /* External model */
                config_update_model_pub_period(node, ele_idx, id,
@@ -1639,8 +1639,10 @@ static struct mesh_model *model_setup(struct mesh_net *net, uint8_t ele_idx,
        /* Implicitly bind config server model to device key */
        if (db_mod->id == CONFIG_SRV_MODEL) {
 
-               if (ele_idx != PRIMARY_ELE_IDX)
+               if (ele_idx != PRIMARY_ELE_IDX) {
+                       l_free(mod);
                        return NULL;
+               }
 
                l_queue_push_head(mod->bindings,
                                        L_UINT_TO_PTR(APP_IDX_DEV_LOCAL));