match: fix memory leak in error path

Call kdbus_match_rule_free() in the error path to cleanly free all
associated memory. For this to work, rule->type must be assigned as
soon as possible. Also, make kdbus_match_rule_free() accept NULL
pointers so we don't have to check for that on the call site.

Signed-off-by: Daniel Mack <daniel@zonque.org>

diff --git a/match.c b/match.c
index c5d6d6a407cb661f52d755a8609ea025b1d1de94..46a429bec8c07e84d9be4087c40f5339352dbf04 100644 (file)
--- a/match.c
+++ b/match.c
@@ -94,6 +94,9 @@ struct kdbus_match_rule {
 
 static void kdbus_match_rule_free(struct kdbus_match_rule *rule)
 {
+       if (!rule)
+               return;
+
        switch (rule->type) {
        case KDBUS_ITEM_BLOOM_MASK:
                kfree(rule->bloom_mask.data);
@@ -389,6 +392,8 @@ int kdbus_match_db_add(struct kdbus_conn *conn,
                        break;
                }
 
+               rule->type = item->type;
+
                switch (item->type) {
                /* First matches for userspace messages */
                case KDBUS_ITEM_BLOOM_MASK: {
@@ -467,12 +472,10 @@ int kdbus_match_db_add(struct kdbus_conn *conn,
                }
 
                if (ret < 0) {
-                       kfree(rule);
+                       kdbus_match_rule_free(rule);
                        break;
                }
 
-               rule->type = item->type;
-
                list_add_tail(&rule->rules_entry, &entry->rules_list);
        }