tftp: fix memory leaks in open

If protocol open fails, file is immediately freed, so data was leaked. Found by: Coverity scan. CID: 96659
2016-01-16 21:27:57 +03:00 · 2016-01-16 21:27:57 +03:00 · 77002c65d3
commit 77002c65d3
parent d4561cd080
1 changed files with 16 additions and 3 deletions
--- a/grub-core/net/tftp.c
+++ b/grub-core/net/tftp.c
@ -326,7 +326,10 @@ tftp_open (struct grub_file *file, const char *filename)
  grub_netbuff_reserve (&nb, 1500);
  err = grub_netbuff_push (&nb, sizeof (*tftph));
  if (err)
+    {
+      grub_free (data);
      return err;
+    }

  tftph = (struct tftphdr *) nb.data;

@ -361,19 +364,26 @@ tftp_open (struct grub_file *file, const char *filename)

  err = grub_netbuff_unput (&nb, nb.tail - (nb.data + hdrlen));
  if (err)
+    {
+      grub_free (data);
      return err;
+    }

  file->not_easily_seekable = 1;
  file->data = data;

  data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp);
  if (!data->pq)
+    {
+      grub_free (data);
      return grub_errno;
+    }

  err = grub_net_resolve_address (file->device->net->server, &addr);
  if (err)
    {
      destroy_pq (data);
+      grub_free (data);
      return err;
    }

@ -383,6 +393,7 @@ tftp_open (struct grub_file *file, const char *filename)
  if (!data->sock)
    {
      destroy_pq (data);
+      grub_free (data);
      return grub_errno;
    }

@ -396,6 +407,7 @@ tftp_open (struct grub_file *file, const char *filename)
 	{
 	  grub_net_udp_close (data->sock);
 	  destroy_pq (data);
+	  grub_free (data);
 	  return err;
 	}
      grub_net_poll_cards (GRUB_NET_INTERVAL + (i * GRUB_NET_INTERVAL_ADDITION),
@ -412,6 +424,7 @@ tftp_open (struct grub_file *file, const char *filename)
    {
      grub_net_udp_close (data->sock);
      destroy_pq (data);
+      grub_free (data);
      return grub_errno;
    }