From 77002c65d3532384682dd1ac861f4349089c5704 Mon Sep 17 00:00:00 2001
From: Andrei Borzenkov
Date: Sat, 16 Jan 2016 21:27:57 +0300
Subject: [PATCH] tftp: fix memory leaks in open
If protocol open fails, file is immediately freed, so data was leaked.
Found by: Coverity scan.
CID: 96659
---
 grub-core/net/tftp.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
index 1319671ff..7d90bf66e 100644
--- a/grub-core/net/tftp.c
+++ b/grub-core/net/tftp.c
@@ -326,7 +326,10 @@ tftp_open (struct grub_file *file, const char *filename)
 grub_netbuff_reserve (&nb, 1500);
 err = grub_netbuff_push (&nb, sizeof (*tftph));
 if (err)
- return err;
+ {
+ grub_free (data);
+ return err;
+ }
 tftph = (struct tftphdr *) nb.data;
@@ -361,19 +364,26 @@ tftp_open (struct grub_file *file, const char *filename)
 err = grub_netbuff_unput (&nb, nb.tail - (nb.data + hdrlen));
 if (err)
- return err;
+ {
+ grub_free (data);
+ return err;
+ }
 file->not_easily_seekable = 1;
 file->data = data;
 data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp);
 if (!data->pq)
- return grub_errno;
+ {
+ grub_free (data);
+ return grub_errno;
+ }
 err = grub_net_resolve_address (file->device->net->server, &addr);
 if (err)
 {
 destroy_pq (data);
+ grub_free (data);
 return err;
 }
@@ -383,6 +393,7 @@ tftp_open (struct grub_file *file, const char *filename)
 if (!data->sock)
 {
 destroy_pq (data);
+ grub_free (data);
 return grub_errno;
 }
@@ -396,6 +407,7 @@ tftp_open (struct grub_file *file, const char *filename)
 {
 grub_net_udp_close (data->sock);
 destroy_pq (data);
+ grub_free (data);
 return err;
 }
 grub_net_poll_cards (GRUB_NET_INTERVAL + (i * GRUB_NET_INTERVAL_ADDITION),
@@ -412,6 +424,7 @@ tftp_open (struct grub_file *file, const char *filename)
 {
 grub_net_udp_close (data->sock);
 destroy_pq (data);
+ grub_free (data);
 return grub_errno;
 }
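Review bot: The release of `data` is now written out by hand at seven separate exits of tftp_open, starting with the `grub_netbuff_push` failure in this hunk and continuing through the four hunks that follow. Repeating the cleanup at each return is how a leak of this kind goes unnoticed. A single chain of labels at the end of the function, reached with `goto`, would keep the release order (socket, queue, `data`) in one place, so a future exit only has to pick the right label. Exits that currently return `grub_errno` would assign `err = grub_errno;` before jumping. The body of tftp_open begins and ends outside these hunks, so the sketch below covers the visible exits only.

```c
  err = grub_netbuff_push (&nb, sizeof (*tftph));
  if (err)
    goto fail_free;
  /* … unchanged: request header and option encoding … */
  if (!data->pq)
    {
      err = grub_errno;
      goto fail_free;
    }
  /* … unchanged: address resolution, socket open, send/poll loop,
     each failure jumping to fail_pq or fail_sock … */

fail_sock:
  grub_net_udp_close (data->sock);
fail_pq:
  destroy_pq (data);
fail_free:
  grub_free (data);
  return err;
```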
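Review bot: Once `file->data = data;` has run in this hunk, every later failure exit frees `data` but leaves `file->data` pointing at the freed block. That covers the `!data->pq` and `grub_net_resolve_address` branches here, and the `!data->sock`, send-failure and final `grub_errno` exits in the three hunks that follow. The commit message says the caller frees `file` right after a failed open, so the stale pointer is presumably never read today. A later change that inspects `file->data` on the error path would turn it into a use-after-free or double free. Adding `file->data = NULL;` next to each `grub_free (data);` on those paths removes the dangling reference. tftp_open starts and ends outside the hunk, so whether anything between the assignment and these exits depends on `file->data` cannot be confirmed from here.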