From a8d3c90feca548fc0656d95b5d278713db86ff61 Mon Sep 17 00:00:00 2001 From: Aaron Conole Date: Tue, 17 Nov 2020 09:28:17 -0500 Subject: [PATCH] lldp: avoid memory leak from bad packets A packet that contains multiple instances of certain TLVs will cause lldpd to continually allocate memory and leak the old memory. As an example, multiple instances of system name TLV will cause old values to be dropped by the decoding routine. Reported-at: https://github.com/openvswitch/ovs/pull/337 Reported-by: Jonas Rudloff Signed-off-by: Aaron Conole --- src/daemon/protocols/lldp.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/daemon/protocols/lldp.c b/src/daemon/protocols/lldp.c index ba65cf06..a74556a2 100644 --- a/src/daemon/protocols/lldp.c +++ b/src/daemon/protocols/lldp.c @@ -816,11 +816,16 @@ lldp_decode(struct lldpd *cfg, char *frame, int s, goto malformed; } PEEK_BYTES(b, tlv_size); - if (tlv_type == LLDP_TLV_PORT_DESCR) + if (tlv_type == LLDP_TLV_PORT_DESCR) { + free(port->p_descr); port->p_descr = b; - else if (tlv_type == LLDP_TLV_SYSTEM_NAME) + } else if (tlv_type == LLDP_TLV_SYSTEM_NAME) { + free(chassis->c_name); chassis->c_name = b; - else chassis->c_descr = b; + } else { + free(chassis->c_descr); + chassis->c_descr = b; + } break; case LLDP_TLV_SYSTEM_CAP: CHECK_TLV_SIZE(4, "System capabilities"); -- 2.39.5