output: JSON: fix possible leak in error-handling.

The `realloc` extending the buffer containing the JSON to allow us to
insert a final new-line may fail.  Therefore, we need to assign the
return-value to a temporary variable or we will not able to free the
existing buffer on error.

Use the correct type for `buflen`.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/output/ulogd_output_JSON.c b/output/ulogd_output_JSON.c
index c8024488d42efa52c5c26c99346d1209534ca6c3..2166d15d6363e4801c0eb7691798bcd3baad9f16 100644 (file)
--- a/output/ulogd_output_JSON.c
+++ b/output/ulogd_output_JSON.c
@@ -275,8 +275,8 @@ static int json_interp(struct ulogd_pluginstance *upi)
 {
        struct json_priv *opi = (struct json_priv *) &upi->private;
        unsigned int i;
-       char *buf;
-       int buflen;
+       char *buf, *tmp;
+       size_t buflen;
        json_t *msg;
 
        msg = json_object();
@@ -338,8 +338,6 @@ static int json_interp(struct ulogd_pluginstance *upi)
                json_object_set_new(msg, "dvc", json_string(dvc));
        }
 
-
-
        for (i = 0; i < upi->input.num_keys; i++) {
                struct ulogd_key *key = upi->input.keys[i].u.source;
                char *field_name;
@@ -392,7 +390,6 @@ static int json_interp(struct ulogd_pluginstance *upi)
                }
        }
 
-
        buf = json_dumps(msg, 0);
        json_decref(msg);
        if (buf == NULL) {
@@ -400,11 +397,13 @@ static int json_interp(struct ulogd_pluginstance *upi)
                return ULOGD_IRET_ERR;
        }
        buflen = strlen(buf);
-       buf = realloc(buf, sizeof(char)*(buflen+2));
-       if (buf == NULL) {
+       tmp = realloc(buf, buflen + sizeof("\n"));
+       if (tmp == NULL) {
+               free(buf);
                ulogd_log(ULOGD_ERROR, "Could not create message\n");
                return ULOGD_IRET_ERR;
        }
+       buf = tmp;
        strncat(buf, "\n", 1);
        buflen++;