I've found a bug in the following scenario (fragment of code):
    while (1) {
        struct nl_sock *sk = nl_socket_alloc();
        if (sk == NULL) {
            fprintf(stderr, "Failed to allocate nl socket\n");
            break;
        }
        nl_socket_set_local_port(sk, 0);
        nl_socket_free(sk);
    }
The problem is that nl_socket_set_local_port(, 0) does not
release the local port if it was allocated before.
{
if (port == 0) {
port = generate_local_port();
- sk->s_flags &= ~NL_OWN_PORT;
+ /*
+ * Release local port after generation of a new one to be
+ * able to change local port using nl_socket_set_local_port(, 0)
+ */
+ if (!(sk->s_flags & NL_OWN_PORT))
+ release_local_port(sk->s_local.nl_pid);
+ else
+ sk->s_flags &= ~NL_OWN_PORT;
} else {
if (!(sk->s_flags & NL_OWN_PORT))
release_local_port(sk->s_local.nl_pid);
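Review bot: In the port == 0 branch, the value returned by generate_local_port() is not checked before release_local_port(sk->s_local.nl_pid) runs. If generation can fail (port space exhaustion is what the reproducer loop in the description drives toward), the socket gives up its old port and nothing in the visible lines stops it from taking the failure value as its new one. Consider validating port first and releasing the old one only on success. The new comment would also be more useful if it said why the release has to come after generation rather than before it; if the intent is that the new port must differ from the old one, state that explicitly. Finally, the release under !(sk->s_flags & NL_OWN_PORT) now appears in both branches, so the ordering constraint is the only thing preventing it from being hoisted, which is another reason to document it.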