From: Thomas Haller Date: Fri, 14 Dec 2018 23:45:46 +0000 (+0100) Subject: network: don't return allocated buffer of zero length from deserialize_in_addrs() X-Git-Tag: v242~342^2~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c24b68216222156a45c5a8a918e7a44c144e9555;p=platform%2Fupstream%2Fsystemd.git network: don't return allocated buffer of zero length from deserialize_in_addrs() deserialize_in_addrs() allocates the buffer before trying to parse the IP address. Since a parsing error is silently ignored, the returned size might be zero. In such a case we shouldn't return any buffer. Anyway, there was no leak, because there are only two callers like r = deserialize_in_addrs(&lease->dns, dns); which both keep the unused buffer and later release it. Note that deserialize_in_addrs() doesn't free the pointer before reassigning the new output. The caller must take care to to pass "ret" with an allocated buffer that would be leaked when returning the result. --- diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c index a0209ca..221c83d 100644 --- a/src/libsystemd-network/network-internal.c +++ b/src/libsystemd-network/network-internal.c @@ -457,7 +457,7 @@ int deserialize_in_addrs(struct in_addr **ret, const char *string) { size++; } - *ret = TAKE_PTR(addresses); + *ret = size > 0 ? TAKE_PTR(addresses) : NULL; return size; }