From 93d12fd4f84fb61f2c6f17cb74ebdad66b578125 Mon Sep 17 00:00:00 2001
From: Erik Karlsson <erik.karlsson@genexis.eu>
Date: Tue, 1 Mar 2022 10:16:21 +0100
Subject: [PATCH] Fix memory leaks

---
 src/agent.c       | 12 +++++++-----
 src/agent_cmdu.c  |  2 +-
 src/agent_map.c   | 18 ++++++++++++++----
 src/agent_ubus.c  | 16 ++++++++++++----
 src/dynbh/dynbh.c |  3 +++
 5 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/src/agent.c b/src/agent.c
index a3ac92505..d414b5b59 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -2207,7 +2207,7 @@ static void wifi_sta_event_handler(void *c, struct blob_attr *msg)
 			return;
 
 		if (!strtob(framestr, len, frame)) {
-			free(framestr);
+			free(frame);
 			return;
 		}
 
@@ -2257,9 +2257,9 @@ static void wifi_sta_event_handler(void *c, struct blob_attr *msg)
 				} else
 					agent_exec_platform_scripts("bsta_enable_all");
 			}
-
-			free(frame);
 		}
+
+		free(frame);
 	}
 }
 
@@ -2460,7 +2460,7 @@ static int wifi_process_action_frame(struct agent *a, const char *framestr)
 		/* Obtain number of Measurement Reports */
 		while (pos < tags_len) {
 			if (frame_ptr->tags[pos] != 0x27)
-				return -1;
+				goto out_frame;
 			/* +2 for tag_no & tag_len */
 			pos += (frame_ptr->tags[pos+1] + 2);
 			count++;
@@ -2468,7 +2468,7 @@ static int wifi_process_action_frame(struct agent *a, const char *framestr)
 
 		s = find_sta_by_mac(a, frame_ptr->src);
 		if (!s)
-			return -1;
+			goto out_frame;
 
 		if (!s->supports_bcnreport)
 			s->supports_bcnreport = true;
@@ -2486,6 +2486,8 @@ static int wifi_process_action_frame(struct agent *a, const char *framestr)
 
 		send_beacon_metrics_response(a, frame_ptr->src,
 				count, frame_ptr->tags, tags_len);
+
+		free(frame);
 	}
 
 	return 0;
diff --git a/src/agent_cmdu.c b/src/agent_cmdu.c
index f0e6d528c..ae18d76ed 100644
--- a/src/agent_cmdu.c
+++ b/src/agent_cmdu.c
@@ -625,7 +625,7 @@ struct cmdu_buff *agent_gen_cmdu_beacon_metrics_resp(struct agent *a,
 					report_elems_nr,
 					report_elem,
 					elem_len))
-		return NULL;
+		goto out;
 
 	frm = cmdu_alloc_custom(CMDU_BEACON_METRICS_RESPONSE,
 				&mid, NULL, origin, tlv, t_len);
diff --git a/src/agent_map.c b/src/agent_map.c
index 16611b3d1..144b6cbe4 100644
--- a/src/agent_map.c
+++ b/src/agent_map.c
@@ -1718,6 +1718,8 @@ int handle_ap_autoconfig_wsc(void *agent, struct cmdu_buff *rx_cmdu)
 			 */
 			agent_autoconfig_event(a, radio->name, "teardown",
 					"IOPSYS extension process error");
+			if (ext)
+				free(ext);
 			return -1;
 		}
 
@@ -1728,6 +1730,7 @@ int handle_ap_autoconfig_wsc(void *agent, struct cmdu_buff *rx_cmdu)
 			wifi_teardown_map_ifaces_by_radio(a, radio->name);
 			agent_autoconfig_event(a, radio->name, "teardown",
 					"teardown bit set");
+			free(ext);
 			goto teardown;
 		}
 
@@ -1740,6 +1743,7 @@ int handle_ap_autoconfig_wsc(void *agent, struct cmdu_buff *rx_cmdu)
 			wifi_teardown_map_ifaces_by_radio(a, radio->name);
 			agent_autoconfig_event(a, radio->name, "teardown",
 					"M2 apply failure");
+			free(ext);
 			goto teardown;
 		}
 
@@ -4613,7 +4617,7 @@ int handle_hld_message(void *agent, struct cmdu_buff *rx_cmdu)
 						&sync_config_reqsize, &key);
 		if (ret) {
 			err("Failed to build sync-config-req frame!\n");
-			return ret;
+			goto error;
 		}
 
 		if (a->sync_config_req)
@@ -4625,8 +4629,10 @@ int handle_hld_message(void *agent, struct cmdu_buff *rx_cmdu)
 
 		cmdu = agent_gen_higher_layer_data(a, a->cntlr_almac, res_proto,
 						   sync_config_req, sync_config_reqsize);
-		if (!cmdu)
-			return -1;
+		if (!cmdu) {
+			ret = -1;
+			goto error;
+		}
 
 		agent_send_cmdu(a, cmdu);
 		cmdu_free(cmdu);
@@ -4654,7 +4660,7 @@ int handle_hld_message(void *agent, struct cmdu_buff *rx_cmdu)
 						   &out);
 		if (ret) {
 			err("Error processing dyn-controller-config-sync response\n");
-			return ret;
+			goto error;
 		}
 
 		agent_get_controller_enabled(a, enabled);
@@ -4665,8 +4671,12 @@ int handle_hld_message(void *agent, struct cmdu_buff *rx_cmdu)
 		set_value_by_string("mapcontroller", "controller", "enabled",
 				enabled, UCI_TYPE_STRING);
 
+		free(out.data);
 	}
+
+error:
 #endif /* AGENT_SYNC_DYNAMIC_CNTLR_CONFIG */
+	free(usrdata);
 
 	return ret;
 }
diff --git a/src/agent_ubus.c b/src/agent_ubus.c
index 3b03e52e6..edb6895e5 100644
--- a/src/agent_ubus.c
+++ b/src/agent_ubus.c
@@ -367,7 +367,7 @@ static int bcn_metrics_query(struct ubus_context *ctx, struct ubus_object *obj,
 
 		reports = calloc(num_report, sizeof(struct sta_channel_report));
 		if (!reports) {
-			ret = -ENOMEM;
+			ret = UBUS_STATUS_UNKNOWN_ERROR;
 			goto out;
 		}
 
@@ -421,6 +421,10 @@ static int bcn_metrics_query(struct ubus_context *ctx, struct ubus_object *obj,
 				BLOBMSG_TYPE_INT32);
 
 		element = calloc(num_element, sizeof(uint8_t));
+		if (!element) {
+			ret = UBUS_STATUS_UNKNOWN_ERROR;
+			goto out;
+		}
 
 		blobmsg_for_each_attr(attr_id,
 				tb[BCN_METRICS_ELEMENT_IDS], rem_id) {
@@ -526,7 +530,7 @@ static int unassoc_sta_lm_query(struct ubus_context *ctx,
 
 		metrics = calloc(num_metrics, sizeof(struct unassoc_sta_metric));
 		if (!metrics) {
-			ret = -ENOMEM;
+			ret = UBUS_STATUS_UNKNOWN_ERROR;
 			goto out;
 		}
 
@@ -598,8 +602,10 @@ static int unassoc_sta_lm_query(struct ubus_context *ctx,
 	cmdu = agent_gen_unassoc_sta_metric_query(a, agent_mac,
 			opclass, num_metrics, metrics);
 
-	if (!cmdu)
-		return UBUS_STATUS_UNKNOWN_ERROR;
+	if (!cmdu) {
+		ret = UBUS_STATUS_UNKNOWN_ERROR;
+		goto out;
+	}
 
 	agent_send_cmdu(a, cmdu);
 	cmdu_free(cmdu);
@@ -801,6 +807,8 @@ static int higher_layer_data(struct ubus_context *ctx, struct ubus_object *obj,
 	if (!cmdu)
 		goto error;
 
+	free(data);
+
 	agent_send_cmdu(a, cmdu);
 	cmdu_free(cmdu);
 
diff --git a/src/dynbh/dynbh.c b/src/dynbh/dynbh.c
index c5afb63d1..a1b7807c1 100644
--- a/src/dynbh/dynbh.c
+++ b/src/dynbh/dynbh.c
@@ -646,6 +646,8 @@ static int mapclient_handle_cmdu_notification(struct blob_attr *msg, struct mapc
 	cmdu = cmdu_alloc_custom(type, &mid, in_ifname, srcmac, tlv, len);
 	if (!cmdu) {
 		fprintf(stderr, "%s: cmdu_alloc_custom() failed!\n", __func__);
+		if (tlv)
+			free(tlv);
 		return -1;
 	}
 	memcpy(cmdu->origin, origin, 6);
@@ -673,6 +675,7 @@ static int mapclient_handle_cmdu_notification(struct blob_attr *msg, struct mapc
 error:
 	if (tlv)
 		free(tlv);
+	cmdu_free(cmdu);
 	return ret;
 }
 
-- 
GitLab