From: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Date: Sat, 6 Apr 2019 19:16:38 +0000 (-0400)
Subject: Fix: command reply message is leaked for variable-len replies
X-Git-Tag: v2.12.0-rc1~624
X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=99a98ed3b86b74dacba885e5de33ff67bf412af0;ds=sidebyside

Fix: command reply message is leaked for variable-len replies

Commands which return a variable-length payload re-setup the
command context using setup_lttng_msg() (and its wrappers).

In doing so, the lttcomm_lttng_msg structure (plus its trailing
variable-length payload) are re-allocated. However, the previous
instance of lttcomm_lttng_msg is leaked.

This is solved by free()-ing the original lttcomm_lttng_msg when
setup_lttng_msg() is used. When it is only used once, a NULL
pointer will be free'd without any effect.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/bin/lttng-sessiond/client.c b/src/bin/lttng-sessiond/client.c
index a889529a7..fb50b3cc6 100644
--- a/src/bin/lttng-sessiond/client.c
+++ b/src/bin/lttng-sessiond/client.c
@@ -81,6 +81,7 @@ static int setup_lttng_msg(struct command_ctx *cmd_ctx,
 	const size_t payload_offset = cmd_header_offset + cmd_header_len;
 	const size_t total_msg_size = header_len + cmd_header_len + payload_len;
 
+	free(cmd_ctx->llm);
 	cmd_ctx->llm = zmalloc(total_msg_size);
 
 	if (cmd_ctx->llm == NULL) {