From 509bbd50e4bb71884d8e62ff7ca95df9fb82c05b Mon Sep 17 00:00:00 2001
From: Lee Hyuk <hyuk0512.lee@samsung.com>
Date: Thu, 16 Mar 2017 14:30:52 +0900
Subject: [PATCH] Fix the ipsp memory leak

Change-Id: I81bee30cde6a613d7706f685971c858750fa9c95
Signed-off-by: Lee Hyuk <hyuk0512.lee@samsung.com>
---
 bt-ipsp/bt-ipsp.c | 108 +++++++++++++++++++++++++---------------------
 1 file changed, 58 insertions(+), 50 deletions(-)

diff --git a/bt-ipsp/bt-ipsp.c b/bt-ipsp/bt-ipsp.c
index 21d0b13..533dacb 100644
--- a/bt-ipsp/bt-ipsp.c
+++ b/bt-ipsp/bt-ipsp.c
@@ -89,24 +89,18 @@ static GMainLoop *main_loop;
 
 void _bt_ipsp_gdbus_deinit_proxys(void)
 {
-	BT_DBG("");
-
-//	if (service_gproxy) {
-//		g_object_unref(service_gproxy);
-//		service_gproxy = NULL;
-//	}
+	BT_DBG("+");
 
 	if (service_gconn) {
 		g_object_unref(service_gconn);
 		service_gconn = NULL;
 	}
+
+	BT_DBG("-");
 }
 
 void _bt_ipsp_terminate(void)
 {
-//	if (_bt_check_terminating_condition() == FALSE)
-//		return;
-
 	_bt_ipsp_gdbus_deinit_proxys();
 	if (main_loop) {
 		g_main_loop_quit(main_loop);
@@ -202,10 +196,9 @@ static void __bt_ipsp_get_network_interface_name(char **if_name)
 	}
 
 	return;
-
 }
 
-gboolean __bt_ipsp_get_network_ipv6_address(const char *if_name, mobile_ap_ipv6_scope_e ip_scope, char **ip)
+gboolean __bt_ipsp_get_network_ipv6_address(const char *if_name, mobile_ap_ipv6_scope_e ip_scope, gchar **ip)
 {
 	FILE *fd;
 	char addr[8][5];
@@ -230,7 +223,7 @@ gboolean __bt_ipsp_get_network_ipv6_address(const char *if_name, mobile_ap_ipv6_
 		if (scope != ip_scope)
 			continue;
 
-		sprintf(copied, "%s:%s:%s:%s:%s:%s:%s:%s",
+		snprintf(copied, sizeof(copied), "%s:%s:%s:%s:%s:%s:%s:%s",
 				addr[0], addr[1], addr[2], addr[3],
 				addr[4], addr[5], addr[6], addr[7]);
 
@@ -244,50 +237,49 @@ gboolean __bt_ipsp_get_network_ipv6_address(const char *if_name, mobile_ap_ipv6_
 		fclose(fd);
 
 	return TRUE;
-
 }
 
 int __bt_ipsp_create_ipv6_address(char *ifname, char **ipv6_address)
 {
-	char *network_if_name = NULL;
-	char *link_addr = NULL;
-	char *network_addr = NULL;
-	char *prefix;
-	char *if_id = NULL;
+	BT_DBG("++");
+	gchar *network_if_name = NULL;
+	gchar *link_addr = NULL;
+	gchar *network_addr = NULL;
+	gchar *prefix = NULL;
+	gchar *if_id = NULL;
 	char copied[MH_MAX_IPV6_ADDRESS_STR_LEN] = {0, };
+	gchar *link_addr_cpy = NULL;
 	int i = 0;
 
 	__bt_ipsp_get_network_interface_name(&network_if_name);
 	__bt_ipsp_get_network_ipv6_address(ifname, MOBILE_AP_IPV6_SCOPE_LINK, &link_addr);
 	__bt_ipsp_get_network_ipv6_address(network_if_name, MOBILE_AP_IPV6_SCOPE_GLOBAL, &network_addr);
-
+	g_free(network_if_name);
 	if (link_addr == NULL || network_addr == NULL) {
 		BT_DBG("address is NULL");
+		g_free(link_addr);
+		g_free(network_addr);
 		return BT_ERROR_OPERATION_FAILED;
 	}
 
 	prefix = g_strndup(network_addr, 19);
+	g_free(network_addr);
+
+	link_addr_cpy = link_addr;
 
 	for (i = 0; i < 4; i++) {
-		strtok_r(link_addr, ":", &if_id);
-		link_addr = if_id;
+		strtok_r(link_addr_cpy, ":", &if_id);
+		link_addr_cpy = if_id;
 	}
-	sprintf(copied, "%s:%s", prefix, if_id);
+	snprintf(copied, sizeof(copied), "%s:%s", prefix, if_id);
 
 	*ipv6_address = g_strdup(copied);
 
-
-#if 0
-	g_free(network_if_name);
+	BT_DBG("Created IPv6 address [%s]", *ipv6_address);
 	g_free(link_addr);
-	g_free(network_addr);
 	g_free(prefix);
-	g_free(if_id);
-#endif
-	BT_DBG("Created IPv6 address [%s]", *ipv6_address);
-
+	BT_DBG("--");
 	return BT_ERROR_NONE;
-
 }
 
 int __bt_ipsp_set_ipv6_address(const char *if_name, char *ipv6_addr)
@@ -306,12 +298,13 @@ int __bt_ipsp_set_ipv6_address(const char *if_name, char *ipv6_addr)
 
 	g_strlcpy(ifr.ifr_name, if_name, IFNAMSIZ);
 
-	memset(&addr, 0, sizeof(struct sockaddr));
+	memset(&addr, 0, sizeof(struct sockaddr_in6));
 	addr.sin6_family = AF_INET6;
 	addr.sin6_port = 0;
 
 	if (inet_pton(AF_INET6, ipv6_addr, (void *)&addr.sin6_addr) <= 0) {
 		BT_ERR("Bad address!!");
+		close(sock_fd);
 		return BT_ERROR_OPERATION_FAILED;
 	}
 
@@ -352,14 +345,10 @@ int __bt_ipsp_set_ipv6_address(const char *if_name, char *ipv6_addr)
 void __bt_ipsp_connection_state_changed_cb(int result, bool connected, const char *remote_address,
 		const char *iface_name, void *user_data)
 {
-//	char *ip6;
-
 	BT_DBG("result: %d", result);
 	BT_DBG("Connected : %d", connected);
 	BT_DBG("Remote BT address : %s", remote_address);
 	BT_DBG("Interface name : %s", remote_address);
-
-	/* create ipv6 address */
 }
 
 static int __enable_ipv6_forwarding(void)
@@ -412,8 +401,9 @@ int __bt_ipsp_execute_dhcp6_server(void)
 	char buf[DNSMASQ_CONF_LEN] = "";
 	FILE *fp = NULL;
 	pid_t pid;
-	char *network_if_name = NULL;
-	char *network_addr = NULL;
+	gchar *network_if_name = NULL;
+	gchar *network_addr = NULL;
+	gchar *address = NULL;
 
 	if (remove(DNSMASQ_LEASES_FILE) < 0)
 		BT_ERR("Failed to remove %s", DNSMASQ_LEASES_FILE);
@@ -426,15 +416,26 @@ int __bt_ipsp_execute_dhcp6_server(void)
 		}
 
 		__bt_ipsp_get_network_interface_name(&network_if_name);
+		if (network_if_name == NULL) {
+			BT_ERR("Failed to get network interface");
+			fclose(fp);
+			return BT_ERROR_OPERATION_FAILED;
+		}
 
 		__bt_ipsp_get_network_ipv6_address(network_if_name, MOBILE_AP_IPV6_SCOPE_GLOBAL, &network_addr);
 		if (network_addr == NULL) {
 			BT_ERR("Failed to get global IP");
+			g_free(network_if_name);
+			fclose(fp);
 			return BT_ERROR_OPERATION_FAILED;
 		}
 
-		snprintf(buf, DNSMASQ_CONF_LEN, DNSMASQ_CONF6, dns_addr, g_strndup(network_addr, 19));
+		address = g_strndup(network_addr, 19);
+		snprintf(buf, DNSMASQ_CONF_LEN, DNSMASQ_CONF6, dns_addr, address);
 		fputs(buf, fp);
+		g_free(network_if_name);
+		g_free(network_addr);
+		g_free(address);
 		fclose(fp);
 
 		pid = fork();
@@ -493,7 +494,7 @@ static void __generate_eui64_address(char *hw_addr, char **eui64_addr)
 	/* Invert 7th bit */
 	hex ^= 2;
 	BT_DBG("Inverted bit(%x)", hex);
-	sprintf(addr64, "%x%s:%sff:fe%s:%s%s",
+	snprintf(addr64, sizeof(addr64), "%x%s:%sff:fe%s:%s%s",
 			hex, addr[1], addr[2], addr[3], addr[4], addr[5]);
 
 	BT_DBG("addr64(%s)", addr64);
@@ -505,14 +506,13 @@ static void __generate_eui64_address(char *hw_addr, char **eui64_addr)
 	BT_DBG("-");
 }
 
-
 int __bt_ipsp_create_ipv6_remote_address(char *remote_address, char **ipv6_address)
 {
 	BT_DBG("++");
-	char *eui64_addr = NULL;
-	char *network_addr = NULL;
-	char *network_if_name = NULL;
-	char *prefix;
+	gchar *eui64_addr = NULL;
+	gchar *network_addr = NULL;
+	gchar *network_if_name = NULL;
+	gchar *prefix = NULL;
 	char copied[MH_MAX_IPV6_ADDRESS_STR_LEN] = {0, };
 
 	__generate_eui64_address(remote_address, &eui64_addr);
@@ -522,21 +522,30 @@ int __bt_ipsp_create_ipv6_remote_address(char *remote_address, char **ipv6_addre
 	}
 
 	__bt_ipsp_get_network_interface_name(&network_if_name);
+	if (network_if_name == NULL) {
+		BT_ERR("Failed to get network interface");
+		g_free(eui64_addr);
+		return BT_ERROR_OPERATION_FAILED;
+	}
+
 	__bt_ipsp_get_network_ipv6_address(network_if_name, MOBILE_AP_IPV6_SCOPE_GLOBAL, &network_addr);
+	g_free(network_if_name);
 	if (network_addr == NULL) {
 		BT_ERR("Failed to get network address!!");
+		g_free(eui64_addr);
 		return BT_ERROR_OPERATION_FAILED;
 	}
 
 	prefix = g_strndup(network_addr, 19);
-	sprintf(copied, "%s:%s", prefix, eui64_addr);
+	snprintf(copied, sizeof(copied), "%s:%s", prefix, eui64_addr);
 	*ipv6_address = g_strdup(copied);
-
 	BT_DBG("remote device ipv6 addr : %s", *ipv6_address);
+
+	g_free(prefix);
+	g_free(eui64_addr);
+	g_free(network_addr);
 	BT_DBG("--");
 	return BT_ERROR_NONE;
-
-
 }
 
 int _execute_command(const char *cmd)
@@ -686,7 +695,6 @@ static void __bt_ipsp_dbus_method(GDBusConnection *connection,
 		__bt_ipsp_execute_dhcp6_server();
 
 	} else if (g_strcmp0(method_name, "SetIpv6Addr") == 0) {
-//		ret = _bt_core_disable_adapter();
 		int ret;
 		BT_DBG("");
 		char *ifname = NULL;
-- 
2.34.1