handover: Fix memory leak on reallocation error

A temporay variable is used for checking the realloc() return value.
Otherwise ndef->ndef is leaked when realloc fails as it is then set to
NULL.
With this fix, ndef->ndef is updated iff realloc() succeeds.

Reported by Szymon Janc <szymon.janc@tieto.com>

diff --git a/plugins/handover.c b/plugins/handover.c
index 305a31d..1559e61 100644 (file)
--- a/plugins/handover.c
+++ b/plugins/handover.c
@@ -167,6 +167,7 @@ static near_bool_t handover_read_cfg_records(int client_fd,
                                near_tag_io_cb cb)
 {
        struct hr_ndef *ndef;
+       uint8_t *new_ndef;
        int bytes_recv;
        int ndef_size;
        int err;
@@ -179,11 +180,13 @@ static near_bool_t handover_read_cfg_records(int client_fd,
 
        if (ndef->in_extra_read == TRUE) {
                /* Next prepare read to complete the Hr */
-               ndef->ndef = g_try_realloc(ndef->ndef, ndef->cur_record_len +
+               new_ndef = g_try_realloc(ndef->ndef, ndef->cur_record_len +
                                NDEF_HR_MSG_MIN_LENGTH);
-               if (ndef->ndef == NULL)
+               if (new_ndef == NULL)
                        return FALSE;
 
+               ndef->ndef = new_ndef;
+
                /* Read header bytes */
                bytes_recv = recv(client_fd, ndef->ndef + ndef->cur_ptr,
                                NDEF_HR_MSG_MIN_LENGTH, MSG_DONTWAIT);
@@ -200,12 +203,13 @@ static near_bool_t handover_read_cfg_records(int client_fd,
                ndef->missing_bytes = ndef_size - bytes_recv;
 
                /* Next prepare read to complete the NDEF */
-               ndef->ndef = g_try_realloc(ndef->ndef, ndef->cur_record_len
+               new_ndef = g_try_realloc(ndef->ndef, ndef->cur_record_len
                                                                + ndef_size);
-               if (ndef->ndef == NULL) {
-                       g_free(ndef);
+               if (new_ndef == NULL)
                        return FALSE;
-               }
+
+               ndef->ndef = new_ndef;
+
                ndef->cur_record_len += ndef_size;
                ndef->in_extra_read = FALSE;