From 52c07d61f99c9be7b3772d6a01d197ef5d753928 Mon Sep 17 00:00:00 2001 From: Zdenek Styblik Date: Fri, 29 Mar 2013 14:40:21 +0000 Subject: [PATCH] ID: 3608149 - ipmitool - set pointer to NULL after free() Commit is a response(and fix) to double-free bug in 'lib/ipmi_main.c' via username. Now, pointers should be set to NULL after calling free(). Reported-by: Ales Ledvinka --- ipmitool/lib/ipmi_dcmi.c | 1 + ipmitool/lib/ipmi_ekanalyzer.c | 29 ++++-- ipmitool/lib/ipmi_firewall.c | 7 ++ ipmitool/lib/ipmi_fru.c | 56 ++++++++-- ipmitool/lib/ipmi_hpmfwupg.c | 5 + ipmitool/lib/ipmi_kontronoem.c | 24 +++++ ipmitool/lib/ipmi_main.c | 104 ++++++++++++++----- ipmitool/lib/ipmi_pef.c | 3 + ipmitool/lib/ipmi_sdr.c | 68 ++++++++++-- ipmitool/lib/ipmi_sdradd.c | 7 ++ ipmitool/lib/ipmi_sel.c | 22 +++- ipmitool/lib/ipmi_sensor.c | 1 + ipmitool/lib/ipmi_sunoem.c | 1 + ipmitool/lib/log.c | 4 +- ipmitool/src/ipmievd.c | 5 +- ipmitool/src/ipmishell.c | 4 + ipmitool/src/plugins/bmc/bmc.c | 4 + ipmitool/src/plugins/lan/lan.c | 31 ++++-- ipmitool/src/plugins/lanplus/lanplus.c | 22 +++- ipmitool/src/plugins/lanplus/lanplus_crypt.c | 10 +- ipmitool/src/plugins/open/open.c | 26 +++-- 21 files changed, 363 insertions(+), 71 deletions(-) diff --git a/ipmitool/lib/ipmi_dcmi.c b/ipmitool/lib/ipmi_dcmi.c index 738f91b..9a51e14 100755 --- a/ipmitool/lib/ipmi_dcmi.c +++ b/ipmitool/lib/ipmi_dcmi.c @@ -2007,6 +2007,7 @@ static int ipmi_print_sensor_info(struct ipmi_intf *intf, uint16_t rec_id) } free(rec); + rec = NULL; ipmi_sdr_end(intf, itr); return rc; diff --git a/ipmitool/lib/ipmi_ekanalyzer.c b/ipmitool/lib/ipmi_ekanalyzer.c index 6c77c7e..4e28a3e 100644 --- a/ipmitool/lib/ipmi_ekanalyzer.c +++ b/ipmitool/lib/ipmi_ekanalyzer.c @@ -520,7 +520,8 @@ ipmi_ekanalyzer_main( struct ipmi_intf * intf, int argc, char ** argv ) printf("record has been removed!\n"); } } - free (filename[type_offset]); + free(filename[type_offset]); + filename[type_offset] = NULL; } } } @@ -639,7 +640,8 @@ ipmi_ekanalyzer_main( struct ipmi_intf * intf, int argc, char ** argv ) } for (i = 0; i < (argc-1); i++){ if (filename[i] != NULL){ - free (filename[i]); + free(filename[i]); + filename[i] = NULL; } } } /* End of ERROR_STATUS */ @@ -975,7 +977,8 @@ ipmi_ek_display_power( int argc, char * opt, char ** filename, int * file_type ) /*Display the current*/ ipmi_ek_display_current_descriptor( car, cur_desc, filename[num_file] ); - free (cur_desc); + free(cur_desc); + cur_desc = NULL; } /*Ref: AMC.0 specification, Table 3-10: Module Current Requirement*/ else if ( list_record[num_file]->data[PICMG_ID_OFFSET] @@ -1315,7 +1318,9 @@ static int ipmi_ek_matching_process( int * file_type, int index1, int index2, } } free(amc_record1) ; + amc_record1 = NULL; free(amc_record2) ; + amc_record2 = NULL; } else{ printf("No amc record is found!\n"); @@ -1528,7 +1533,8 @@ ipmi_ek_check_physical_connectivity( return_status = ERROR_STATUS; } if (port_desc != NULL){ - free (port_desc); + free(port_desc); + port_desc = NULL; } } return return_status; @@ -1720,8 +1726,10 @@ ipmi_ek_compare_link( struct ipmi_ek_multi_header * physic_record, } } - free (record1.matching_result); - free (record2.matching_result); + free(record1.matching_result); + record1.matching_result = NULL; + free(record2.matching_result); + record2.matching_result = NULL; return result; } @@ -2643,7 +2651,8 @@ ipmi_ek_display_board_info_area( FILE * input_file, char * board_type, printf("-%02x", additional_data[i]); } printf("\n"); - free (additional_data); + free(additional_data); + additional_data = NULL; (*board_length) -= size_board; } } @@ -2692,7 +2701,8 @@ ipmi_ek_display_board_info_area( FILE * input_file, char * board_type, } } printf("\n"); - free (data); + free(data); + data = NULL; (*board_length) -= size_board; file_offset = ftell (input_file); } @@ -4016,7 +4026,8 @@ ipmi_ek_remove_record_from_list( struct ipmi_ek_multi_header * record, (*list_last) = record->prev; else record->next->prev = record->prev; - free (record); + free(record); + record = NULL; } diff --git a/ipmitool/lib/ipmi_firewall.c b/ipmitool/lib/ipmi_firewall.c index 3e937ea..b378c24 100644 --- a/ipmitool/lib/ipmi_firewall.c +++ b/ipmitool/lib/ipmi_firewall.c @@ -881,6 +881,7 @@ ipmi_firewall_info(struct ipmi_intf * intf, int argc, char ** argv) lprintf(LOG_ERR, "Command 0x%02x not supported on LUN/NetFn pair %02x,%02x", p.command, p.lun, p.netfn); free(bmc_fn_support); + bmc_fn_support = NULL; return 0; } cmd = @@ -908,6 +909,7 @@ ipmi_firewall_info(struct ipmi_intf * intf, int argc, char ** argv) lprintf(LOG_ERR, "LUN or LUN/NetFn pair %02x,%02x not supported", p.lun, p.netfn); free(bmc_fn_support); + bmc_fn_support = NULL; return 0; } n = p.netfn >> 1; @@ -948,6 +950,7 @@ ipmi_firewall_info(struct ipmi_intf * intf, int argc, char ** argv) } free(bmc_fn_support); + bmc_fn_support = NULL; return ret; } @@ -997,6 +1000,7 @@ ipmi_firewall_enable_disable(struct ipmi_intf * intf, int enable, int argc, char ret = _gather_info(intf, &p, bmc_fn_support); if (ret < 0) { free(bmc_fn_support); + bmc_fn_support = NULL; return ret; } @@ -1037,6 +1041,7 @@ ipmi_firewall_enable_disable(struct ipmi_intf * intf, int enable, int argc, char */ } free(bmc_fn_support); + bmc_fn_support = NULL; return ret; } @@ -1073,6 +1078,7 @@ ipmi_firewall_reset(struct ipmi_intf * intf, int argc, char ** argv) ret = _gather_info(intf, &p, bmc_fn_support); if (ret < 0) { free(bmc_fn_support); + bmc_fn_support = NULL; return ret; } @@ -1095,6 +1101,7 @@ ipmi_firewall_reset(struct ipmi_intf * intf, int argc, char ** argv) } free(bmc_fn_support); + bmc_fn_support = NULL; return ret; } diff --git a/ipmitool/lib/ipmi_fru.c b/ipmitool/lib/ipmi_fru.c index cec7b6d..3ac6afb 100644 --- a/ipmitool/lib/ipmi_fru.c +++ b/ipmitool/lib/ipmi_fru.c @@ -679,6 +679,7 @@ write_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, } while ((doffset+off) < finish); free(fru_bloc); + fru_bloc = NULL; return ((doffset+off) >= finish); } @@ -1017,6 +1018,7 @@ fru_area_print_multirec_bloc(struct ipmi_intf * intf, struct fru_info * fru, lprintf(LOG_DEBUG ,"Multi-Record area ends at: %i (%xh)",i,i); free(fru_data); + fru_data = NULL; } @@ -1050,12 +1052,14 @@ fru_area_print_chassis(struct ipmi_intf * intf, struct fru_info * fru, fru_len = 8 * fru_data[i + 1]; if (fru_len <= 0) { free(fru_data); + fru_data = NULL; return; } /* read in the full fru */ if (read_fru_area(intf, fru, id, i, fru_len, fru_data) < 0) { free(fru_data); + fru_data = NULL; return; } @@ -1101,6 +1105,7 @@ fru_area_print_chassis(struct ipmi_intf * intf, struct fru_info * fru, if (fru_area != NULL) { free(fru_data); + fru_data = NULL; } } @@ -1135,12 +1140,14 @@ fru_area_print_board(struct ipmi_intf * intf, struct fru_info * fru, fru_len = 8 * fru_data[i + 1]; if (fru_len <= 0) { free(fru_data); + fru_data = NULL; return; } /* read in the full fru */ if (read_fru_area(intf, fru, id, i, fru_len, fru_data) < 0) { free(fru_data); + fru_data = NULL; return; } @@ -1216,6 +1223,7 @@ fru_area_print_board(struct ipmi_intf * intf, struct fru_info * fru, if (fru_area != NULL) { free(fru_data); + fru_data = NULL; } } @@ -1249,12 +1257,14 @@ fru_area_print_product(struct ipmi_intf * intf, struct fru_info * fru, fru_len = 8 * fru_data[i + 1]; if (fru_len <= 0) { free(fru_data); + fru_data = NULL; return; } /* read in the full fru */ if (read_fru_area(intf, fru, id, i, fru_len, fru_data) < 0) { free(fru_data); + fru_data = NULL; return; } @@ -1343,6 +1353,7 @@ fru_area_print_product(struct ipmi_intf * intf, struct fru_info * fru, if (fru_area != NULL) { free(fru_data); + fru_data = NULL; } } @@ -1541,6 +1552,7 @@ fru_area_print_multirec(struct ipmi_intf * intf, struct fru_info * fru, lprintf(LOG_DEBUG ,"Multi-Record area ends at: %i (%xh)",i,i); free(fru_data); + fru_data = NULL; } /* ipmi_fru_query_new_value - Query new values to replace original FRU content @@ -1579,6 +1591,7 @@ int ipmi_fru_query_new_value(uint8_t *data,int offset, size_t len) } /* &data[offset++] */ free(holder); + holder = NULL; status = TRUE; } else{ @@ -3143,8 +3156,10 @@ ipmi_fru_print_all(struct ipmi_intf * intf) intf->target_addr = save_addr; } - if (mc) + if (mc) { free(mc); + mc = NULL; + } continue; } @@ -3156,12 +3171,15 @@ ipmi_fru_print_all(struct ipmi_intf * intf) fru = (struct sdr_record_fru_locator *) ipmi_sdr_get_record(intf, header, itr); if (fru == NULL || !fru->logical) { - if (fru) + if (fru) { free(fru); + fru = NULL; + } continue; } rc = ipmi_fru_print(intf, fru); free(fru); + fru = NULL; } ipmi_sdr_end(intf, itr); @@ -3236,11 +3254,13 @@ ipmi_fru_read_to_bin(struct ipmi_intf * intf, } else { lprintf(LOG_ERR, "Error opening file %s\n", pFileName); free(pFruBuf); + pFruBuf = NULL; return; } fclose(pFile); } free(pFruBuf); + pFruBuf = NULL; } static void @@ -3303,6 +3323,7 @@ ipmi_fru_write_from_bin(struct ipmi_intf * intf, } free(pFruBuf); + pFruBuf = NULL; } /* ipmi_fru_write_help() - print help text for 'write' @@ -3494,6 +3515,7 @@ ipmi_fru_edit_multirec(struct ipmi_intf * intf, uint8_t id , } while (!(h->format & 0x80) && (error != 1)); free(fru_data); + fru_data = NULL; } return 0; } @@ -3667,6 +3689,7 @@ ipmi_fru_get_multirec(struct ipmi_intf * intf, uint8_t id , } while (!(h->format & 0x80) && (error != 1)); free(fru_data); + fru_data = NULL; } return 0; } @@ -3708,6 +3731,7 @@ ipmi_fru_upg_ekeying(struct ipmi_intf * intf, lprintf(LOG_ERR, "Failed to get multirec from file '%s'.", pFileName); if (buf != NULL) { free(buf); + buf = NULL; } return (-1); } @@ -3715,6 +3739,7 @@ ipmi_fru_upg_ekeying(struct ipmi_intf * intf, lprintf(LOG_ERR, "Failed to adjust size from buffer."); if (buf != NULL) { free(buf); + buf = NULL; } return (-1); } @@ -3723,11 +3748,13 @@ ipmi_fru_upg_ekeying(struct ipmi_intf * intf, lprintf(LOG_ERR, "Failed to write FRU area."); if (buf != NULL) { free(buf); + buf = NULL; } return (-1); } if (buf != NULL) { free(buf); + buf = NULL; } lprintf(LOG_INFO, "Done upgrading Ekey."); return 0; @@ -4231,6 +4258,7 @@ ipmi_fru_read_internal_use(struct ipmi_intf * intf, uint8_t id, char * pFileName { lprintf(LOG_ERR, "Error opening file %s\n", pFileName); free(frubuf); + frubuf = NULL; return -1; } fclose(pFile); @@ -4239,6 +4267,7 @@ ipmi_fru_read_internal_use(struct ipmi_intf * intf, uint8_t id, char * pFileName printf("\n"); free(frubuf); + frubuf = NULL; } } @@ -4322,6 +4351,7 @@ ipmi_fru_write_internal_use(struct ipmi_intf * intf, uint8_t id, char * pFileNam } free(frubuf); + frubuf = NULL; } fclose(fp); fp = NULL; @@ -4723,6 +4753,7 @@ f_type, uint8_t f_index, char *f_string) fru_field_offset_tmp = fru_field_offset; if (fru_area != NULL) { free(fru_area); + fru_area = NULL; } fru_area = (uint8_t *) get_fru_area_str(fru_data, &fru_field_offset); } @@ -4770,10 +4801,14 @@ f_type, uint8_t f_index, char *f_string) } ipmi_fru_set_field_string_out: - if (fru_data != NULL) + if (fru_data != NULL) { free(fru_data); - if (fru_area != NULL) + fru_data = NULL; + } + if (fru_area != NULL) { free(fru_area); + fru_area = NULL; + } return rc; } @@ -4902,6 +4937,7 @@ ipmi_fru_set_field_string_rebuild(struct ipmi_intf * intf, uint8_t fruId, fru_field_offset_tmp = fru_field_offset; if (fru_area != NULL) { free(fru_area); + fru_area = NULL; } fru_area = (uint8_t *) get_fru_area_str(fru_data_old, &fru_field_offset); } @@ -5157,12 +5193,18 @@ ipmi_fru_set_field_string_rebuild(struct ipmi_intf * intf, uint8_t fruId, printf("Done.\n"); ipmi_fru_set_field_string_rebuild_out: - if (fru_area != NULL) + if (fru_area != NULL) { free(fru_area); - if (fru_data_new != NULL) + fru_area = NULL; + } + if (fru_data_new != NULL) { free(fru_data_new); - if (fru_data_old != NULL) + fru_data_new = NULL; + } + if (fru_data_old != NULL) { free(fru_data_old); + fru_data_old = NULL; + } return rc; } diff --git a/ipmitool/lib/ipmi_hpmfwupg.c b/ipmitool/lib/ipmi_hpmfwupg.c index 46bcb31..7d054a9 100644 --- a/ipmitool/lib/ipmi_hpmfwupg.c +++ b/ipmitool/lib/ipmi_hpmfwupg.c @@ -1469,6 +1469,7 @@ int HpmfwupgUpgrade(struct ipmi_intf *intf, char* imageFilename, else { free(fwupgCtx.pImageData); + fwupgCtx.pImageData = NULL; } } @@ -1489,6 +1490,7 @@ int HpmfwupgUpgrade(struct ipmi_intf *intf, char* imageFilename, else { free(fwupgCtx.pImageData); + fwupgCtx.pImageData = NULL; } } @@ -1525,6 +1527,7 @@ int HpmfwupgUpgrade(struct ipmi_intf *intf, char* imageFilename, if ( rc != HPMFWUPG_SUCCESS ) { free(fwupgCtx.pImageData); + fwupgCtx.pImageData = NULL; } } @@ -1538,6 +1541,7 @@ int HpmfwupgUpgrade(struct ipmi_intf *intf, char* imageFilename, if ( rc != HPMFWUPG_SUCCESS ) { free(fwupgCtx.pImageData); + fwupgCtx.pImageData = NULL; } } @@ -1553,6 +1557,7 @@ int HpmfwupgUpgrade(struct ipmi_intf *intf, char* imageFilename, lprintf(LOG_NOTICE,"\nFirmware upgrade procedure successful\n"); } free(fwupgCtx.pImageData); + fwupgCtx.pImageData = NULL; } else { diff --git a/ipmitool/lib/ipmi_kontronoem.c b/ipmitool/lib/ipmi_kontronoem.c index d6c3f22..dac2ced 100644 --- a/ipmitool/lib/ipmi_kontronoem.c +++ b/ipmitool/lib/ipmi_kontronoem.c @@ -339,12 +339,14 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) if (rsp == NULL) { printf(" Device not present (No Response)\n"); free(sn); + sn = NULL; return -1; } if (rsp->ccode > 0) { printf(" Device not present (%s)\n", val2str(rsp->ccode, completion_code_vals)); free(sn); + sn = NULL; return(-1); } @@ -354,6 +356,7 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) if (fru.size < 1) { printf(" Invalid FRU size %d", fru.size); free(sn); + sn = NULL; return -1; } @@ -376,6 +379,7 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) { printf(" Device not present (No Response)\n"); free(sn); + sn = NULL; return(-1); } if (rsp->ccode > 0) @@ -383,6 +387,7 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) printf(" Device not present (%s)\n", val2str(rsp->ccode, completion_code_vals)); free(sn); + sn = NULL; return(-1); } @@ -396,6 +401,7 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) printf(" Unknown FRU header version 0x%02x", header.version); free(sn); + sn = NULL; return(-1); } @@ -409,6 +415,7 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) { printf("Out of memory!"); free(sn); + sn = NULL; return(-1); } @@ -416,7 +423,9 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) if(read_fru_area(intf ,&fru ,0 ,(header.offset.board * 8) ,board_sec_len , fru_data) < 0) { free(sn); + sn = NULL; free(fru_data); + fru_data = NULL; return(-1); } @@ -438,7 +447,9 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) { printf("The length of the serial number in the FRU Board Area is wrong.\n"); free(sn); + sn = NULL; free(fru_data); + fru_data = NULL; return(-1); } @@ -460,7 +471,9 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) if(write_fru_area(intf, &fru, 0, (header.offset.board * 8), (header.offset.board * 8), board_sec_len, fru_data) < 0) { free(sn); + sn = NULL; free(fru_data); + fru_data = NULL; return(-1); } @@ -470,7 +483,9 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) if(read_fru_area(intf ,&fru ,0 ,(header.offset.product * 8) ,prod_sec_len , fru_data) < 0) { free(sn); + sn = NULL; free(fru_data); + fru_data = NULL; return(-1); } @@ -499,7 +514,9 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) if(strlen(fru_area) != sn_size) { free(sn); + sn = NULL; free(fru_data); + fru_data = NULL; printf("The length of the serial number in the FRU Product Area is wrong.\n"); return(-1); @@ -523,12 +540,16 @@ ipmi_kontron_set_serial_number(struct ipmi_intf * intf) if(write_fru_area(intf, &fru, 0, (header.offset.product * 8), (header.offset.product * 8), prod_sec_len, fru_data) < 0) { free(sn); + sn = NULL; free(fru_data); + fru_data = NULL; return -1; } free(sn); + sn = NULL; free(fru_data); + fru_data = NULL; return(1); @@ -678,6 +699,7 @@ ipmi_kontron_set_mfg_date (struct ipmi_intf * intf) if(read_fru_area(intf ,&fru ,0 ,(header.offset.board * 8) ,board_sec_len , fru_data) < 0) { free(fru_data); + fru_data = NULL; return(-1); } @@ -698,10 +720,12 @@ ipmi_kontron_set_mfg_date (struct ipmi_intf * intf) if(write_fru_area(intf, &fru, 0, (header.offset.board * 8), (header.offset.board * 8), board_sec_len, fru_data) < 0) { free(fru_data); + fru_data = NULL; return(-1); } free(fru_data); + fru_data = NULL; return(1); } diff --git a/ipmitool/lib/ipmi_main.c b/ipmitool/lib/ipmi_main.c index ce98ef4..440fa9b 100644 --- a/ipmitool/lib/ipmi_main.c +++ b/ipmitool/lib/ipmi_main.c @@ -320,6 +320,7 @@ ipmi_parse_hex(const char *str) if (!isxdigit(*p)) { lprintf(LOG_ERR, "Kg_hex is not hexadecimal number"); free(out); + out = NULL; return NULL; } @@ -397,8 +398,10 @@ ipmi_main(int argc, char ** argv, { switch (argflag) { case 'I': - if (intfname) + if (intfname) { free(intfname); + intfname = NULL; + } intfname = strdup(optarg); if (intfname == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -476,8 +479,10 @@ ipmi_main(int argc, char ** argv, csv_output = 1; break; case 'H': - if (hostname) + if (hostname) { free(hostname); + hostname = NULL; + } hostname = strdup(optarg); if (hostname == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -485,8 +490,10 @@ ipmi_main(int argc, char ** argv, } break; case 'f': - if (password) + if (password) { free(password); + password = NULL; + } password = ipmi_password_file_read(optarg); if (password == NULL) lprintf(LOG_ERR, "Unable to read password " @@ -499,10 +506,13 @@ ipmi_main(int argc, char ** argv, tmp_pass = getpass("Password: "); #endif if (tmp_pass != NULL) { - if (password) + if (password) { free(password); + password = NULL; + } password = strdup(tmp_pass); free(tmp_pass); + tmp_pass = NULL; if (password == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); goto out_free; @@ -510,8 +520,10 @@ ipmi_main(int argc, char ** argv, } break; case 'k': - if (kgkey) + if (kgkey) { free(kgkey); + kgkey = NULL; + } kgkey = strdup(optarg); if (kgkey == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -520,8 +532,10 @@ ipmi_main(int argc, char ** argv, break; case 'K': if ((tmp_env = getenv("IPMI_KGKEY"))) { - if (kgkey) + if (kgkey) { free(kgkey); + kgkey = NULL; + } kgkey = strdup(tmp_env); if (kgkey == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -532,8 +546,10 @@ ipmi_main(int argc, char ** argv, } break; case 'y': - if (kgkey) + if (kgkey) { free(kgkey); + kgkey = NULL; + } kgkey = ipmi_parse_hex(optarg); if (kgkey == NULL) { goto out_free; @@ -546,10 +562,13 @@ ipmi_main(int argc, char ** argv, tmp_pass = getpass("Key: "); #endif if (tmp_pass != NULL) { - if (kgkey) + if (kgkey) { free(kgkey); + kgkey = NULL; + } kgkey = strdup(tmp_pass); free(tmp_pass); + tmp_pass = NULL; if (kgkey == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); goto out_free; @@ -557,8 +576,10 @@ ipmi_main(int argc, char ** argv, } break; case 'U': - if (username) + if (username) { free(username); + username = NULL; + } if (strlen(optarg) > 16) { lprintf(LOG_ERR, "Username is too long (> 16 bytes)"); goto out_free; @@ -570,8 +591,10 @@ ipmi_main(int argc, char ** argv, } break; case 'S': - if (sdrcache) + if (sdrcache) { free(sdrcache); + sdrcache = NULL; + } sdrcache = strdup(optarg); if (sdrcache == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -580,8 +603,10 @@ ipmi_main(int argc, char ** argv, break; #ifdef ENABLE_ALL_OPTIONS case 'o': - if (oemtype) + if (oemtype) { free(oemtype); + oemtype = NULL; + } oemtype = strdup(optarg); if (oemtype == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -596,19 +621,25 @@ ipmi_main(int argc, char ** argv, break; case 'g': /* backwards compatible oem hack */ - if (oemtype) + if (oemtype) { free(oemtype); + oemtype = NULL; + } oemtype = strdup("intelwv2"); break; case 's': /* backwards compatible oem hack */ - if (oemtype) + if (oemtype) { free(oemtype); + oemtype = NULL; + } oemtype = strdup("supermicro"); break; case 'P': - if (password) + if (password) { free(password); + password = NULL; + } password = strdup(optarg); if (password == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -621,8 +652,10 @@ ipmi_main(int argc, char ** argv, break; case 'E': if ((tmp_env = getenv("IPMITOOL_PASSWORD"))) { - if (password) + if (password) { free(password); + password = NULL; + } password = strdup(tmp_env); if (password == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -630,8 +663,10 @@ ipmi_main(int argc, char ** argv, } } else if ((tmp_env = getenv("IPMI_PASSWORD"))) { - if (password) + if (password) { free(password); + password = NULL; + } password = strdup(tmp_env); if (password == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -702,8 +737,10 @@ ipmi_main(int argc, char ** argv, sol_escape_char = optarg[0]; break; case 'O': - if (seloem) + if (seloem) { free(seloem); + seloem = NULL; + } seloem = strdup(optarg); if (seloem == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); @@ -765,6 +802,7 @@ ipmi_main(int argc, char ** argv, if (tmp_pass != NULL) { password = strdup(tmp_pass); free(tmp_pass); + tmp_pass = NULL; if (password == NULL) { lprintf(LOG_ERR, "%s: malloc failure", progname); goto out_free; @@ -972,22 +1010,38 @@ ipmi_main(int argc, char ** argv, out_free: log_halt(); - if (intfname != NULL) + if (intfname != NULL) { free(intfname); - if (hostname != NULL) + intfname = NULL; + } + if (hostname != NULL) { free(hostname); - if (username != NULL) + hostname = NULL; + } + if (username != NULL) { free(username); - if (password != NULL) + username = NULL; + } + if (password != NULL) { free(password); - if (oemtype != NULL) + password = NULL; + } + if (oemtype != NULL) { free(oemtype); - if (seloem != NULL) + oemtype = NULL; + } + if (seloem != NULL) { free(seloem); - if (kgkey != NULL) + seloem = NULL; + } + if (kgkey != NULL) { free(kgkey); - if (sdrcache != NULL) + kgkey = NULL; + } + if (sdrcache != NULL) { free(sdrcache); + sdrcache = NULL; + } return rc; } diff --git a/ipmitool/lib/ipmi_pef.c b/ipmitool/lib/ipmi_pef.c index 1c0e378..c0fa00d 100644 --- a/ipmitool/lib/ipmi_pef.c +++ b/ipmitool/lib/ipmi_pef.c @@ -679,6 +679,7 @@ ipmi_pef_list_policies(struct ipmi_intf * intf) if (!tbl_size) { if (!ptbl) { free(ptbl); + ptbl = NULL; } return; } @@ -734,6 +735,7 @@ ipmi_pef_list_policies(struct ipmi_intf * intf) } } free(ptbl); + ptbl = NULL; } static void @@ -811,6 +813,7 @@ ipmi_pef_get_info(struct ipmi_intf * intf) tbl_size = ipmi_pef_get_policy_table(intf, &ptbl); if (!ptbl) { free(ptbl); + ptbl = NULL; } memset(&req, 0, sizeof(req)); diff --git a/ipmitool/lib/ipmi_sdr.c b/ipmitool/lib/ipmi_sdr.c index 698f051..85e0cb7 100644 --- a/ipmitool/lib/ipmi_sdr.c +++ b/ipmitool/lib/ipmi_sdr.c @@ -2690,6 +2690,7 @@ ipmi_sdr_print_sdr(struct ipmi_intf *intf, uint8_t type) lprintf(LOG_ERR, "ipmitool: malloc failure"); if (rec != NULL) { free(rec); + rec = NULL; } break; } @@ -2725,8 +2726,10 @@ ipmi_sdr_print_sdr(struct ipmi_intf *intf, uint8_t type) break; default: free(rec); + rec = NULL; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -2826,10 +2829,12 @@ ipmi_sdr_start(struct ipmi_intf *intf, int use_builtin) if (rsp == NULL) { lprintf(LOG_ERR, "Get Device ID command failed"); free(itr); + itr = NULL; return NULL; } if (rsp->ccode > 0) { free(itr); + itr = NULL; return NULL; } devid = (struct ipm_devid_rsp *) rsp->data; @@ -2844,6 +2849,7 @@ ipmi_sdr_start(struct ipmi_intf *intf, int use_builtin) } else { lprintf(LOG_ERR, "Error obtaining SDR info"); free(itr); + itr = NULL; return NULL; } } else { @@ -2863,12 +2869,14 @@ ipmi_sdr_start(struct ipmi_intf *intf, int use_builtin) if (rsp == NULL) { lprintf(LOG_ERR, "Error obtaining SDR info"); free(itr); + itr = NULL; return NULL; } if (rsp->ccode > 0) { lprintf(LOG_ERR, "Error obtaining SDR info: %s", val2str(rsp->ccode, completion_code_vals)); free(itr); + itr = NULL; return NULL; } @@ -2897,6 +2905,7 @@ ipmi_sdr_start(struct ipmi_intf *intf, int use_builtin) if( ipmi_sdr_add_from_sensors( intf, 0 ) != 0 ) { lprintf(LOG_ERR, "Could not build SDRR!"); free(itr); + itr = NULL; return NULL; } } @@ -2911,6 +2920,7 @@ ipmi_sdr_start(struct ipmi_intf *intf, int use_builtin) if (!rsp || !rsp->data_len || rsp->ccode) { printf("Err in cmd get sensor sdr info\n"); free(itr); + itr = NULL; return NULL; } memcpy(&sdr_info, rsp->data, sizeof (sdr_info)); @@ -2924,6 +2934,7 @@ ipmi_sdr_start(struct ipmi_intf *intf, int use_builtin) &(itr->reservation)) < 0) { lprintf(LOG_ERR, "Unable to obtain SDR reservation"); free(itr); + itr = NULL; return NULL; } @@ -2996,6 +3007,7 @@ ipmi_sdr_get_record(struct ipmi_intf * intf, struct sdr_get_rs * header, continue; } else { free(data); + data = NULL; return NULL; } } @@ -3015,6 +3027,7 @@ ipmi_sdr_get_record(struct ipmi_intf * intf, struct sdr_get_rs * header, if (ipmi_sdr_get_reservation(intf, itr->use_built_in, &(itr->reservation)) < 0) { free(data); + data = NULL; return NULL; } sdr_rq.reserve_id = itr->reservation; @@ -3024,6 +3037,7 @@ ipmi_sdr_get_record(struct ipmi_intf * intf, struct sdr_get_rs * header, /* special completion codes handled above */ if (rsp->ccode > 0 || rsp->data_len == 0) { free(data); + data = NULL; return NULL; } @@ -3044,8 +3058,10 @@ ipmi_sdr_get_record(struct ipmi_intf * intf, struct sdr_get_rs * header, void ipmi_sdr_end(struct ipmi_intf *intf, struct ipmi_sdr_iterator *itr) { - if (itr) + if (itr) { free(itr); + itr = NULL; + } } /* __sdr_list_add - helper function to add SDR record to list @@ -3094,6 +3110,7 @@ __sdr_list_empty(struct sdr_record_list *head) for (e = head; e != NULL; e = f) { f = e->next; free(e); + e = NULL; } head = NULL; } @@ -3115,32 +3132,45 @@ ipmi_sdr_list_empty(struct ipmi_intf *intf) switch (list->type) { case SDR_RECORD_TYPE_FULL_SENSOR: case SDR_RECORD_TYPE_COMPACT_SENSOR: - if (list->record.common) + if (list->record.common) { free(list->record.common); + list->record.common = NULL; + } break; case SDR_RECORD_TYPE_EVENTONLY_SENSOR: - if (list->record.eventonly) + if (list->record.eventonly) { free(list->record.eventonly); + list->record.eventonly = NULL; + } break; case SDR_RECORD_TYPE_GENERIC_DEVICE_LOCATOR: - if (list->record.genloc) + if (list->record.genloc) { free(list->record.genloc); + list->record.genloc = NULL; + } break; case SDR_RECORD_TYPE_FRU_DEVICE_LOCATOR: - if (list->record.fruloc) + if (list->record.fruloc) { free(list->record.fruloc); + list->record.fruloc = NULL; + } break; case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR: - if (list->record.mcloc) + if (list->record.mcloc) { free(list->record.mcloc); + list->record.mcloc = NULL; + } break; case SDR_RECORD_TYPE_ENTITY_ASSOC: - if (list->record.entassoc) + if (list->record.entassoc) { free(list->record.entassoc); + list->record.entassoc = NULL; + } break; } next = list->next; free(list); + list = NULL; } sdr_list_head = NULL; @@ -3210,6 +3240,7 @@ ipmi_sdr_find_sdr_bynumtype(struct ipmi_intf *intf, uint16_t gen_id, uint8_t num if (rec == NULL) { if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3250,8 +3281,10 @@ ipmi_sdr_find_sdr_bynumtype(struct ipmi_intf *intf, uint16_t gen_id, uint8_t num break; default: free(rec); + rec = NULL; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3334,6 +3367,7 @@ ipmi_sdr_find_sdr_bysensortype(struct ipmi_intf *intf, uint8_t type) if (rec == NULL) { if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3370,8 +3404,10 @@ ipmi_sdr_find_sdr_bysensortype(struct ipmi_intf *intf, uint8_t type) break; default: free(rec); + rec = NULL; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3485,6 +3521,7 @@ ipmi_sdr_find_sdr_byentity(struct ipmi_intf *intf, struct entity_id *entity) if (rec == NULL) { if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3547,8 +3584,10 @@ ipmi_sdr_find_sdr_byentity(struct ipmi_intf *intf, struct entity_id *entity) break; default: free(rec); + rec = NULL; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3618,6 +3657,7 @@ ipmi_sdr_find_sdr_bytype(struct ipmi_intf *intf, uint8_t type) if (rec == NULL) { if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3650,8 +3690,10 @@ ipmi_sdr_find_sdr_bytype(struct ipmi_intf *intf, uint8_t type) break; default: free(rec); + rec = NULL; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3760,6 +3802,7 @@ ipmi_sdr_find_sdr_byid(struct ipmi_intf *intf, char *id) if (rec == NULL) { if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3827,8 +3870,10 @@ ipmi_sdr_find_sdr_byid(struct ipmi_intf *intf, char *id) break; default: free(rec); + rec = NULL; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -3924,6 +3969,7 @@ ipmi_sdr_list_cache_fromfile(struct ipmi_intf *intf, const char *ifile) ret = -1; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } break; } @@ -3937,9 +3983,11 @@ ipmi_sdr_list_cache_fromfile(struct ipmi_intf *intf, const char *ifile) ret = -1; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } if (rec != NULL) { free(rec); + rec = NULL; } break; } @@ -3972,8 +4020,10 @@ ipmi_sdr_list_cache_fromfile(struct ipmi_intf *intf, const char *ifile) break; default: free(rec); + rec = NULL; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -4042,6 +4092,7 @@ ipmi_sdr_list_cache(struct ipmi_intf *intf) if (rec == NULL) { if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -4074,8 +4125,10 @@ ipmi_sdr_list_cache(struct ipmi_intf *intf) break; default: free(rec); + rec = NULL; if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } continue; } @@ -4303,6 +4356,7 @@ ipmi_sdr_dump_bin(struct ipmi_intf *intf, const char *ofile) lprintf(LOG_ERR, "ipmitool: cannot obtain SDR record %04x", header->id); if (sdrr != NULL) { free(sdrr); + sdrr = NULL; } return -1; } diff --git a/ipmitool/lib/ipmi_sdradd.c b/ipmitool/lib/ipmi_sdradd.c index 1ac0d24..96282e4 100644 --- a/ipmitool/lib/ipmi_sdradd.c +++ b/ipmitool/lib/ipmi_sdradd.c @@ -139,6 +139,7 @@ ipmi_sdr_add_record(struct ipmi_intf *intf, struct sdr_record_list *sdrr) if (partial_send(intf, &req, &id)) { lprintf(LOG_ERR, "ipmitool: partial send error"); free(sdr_rq); + sdr_rq = NULL; return -1; } @@ -169,6 +170,7 @@ ipmi_sdr_add_record(struct ipmi_intf *intf, struct sdr_record_list *sdrr) } free(sdr_rq); + sdr_rq = NULL; return rc; } @@ -304,6 +306,7 @@ sdr_copy_to_sdrr(struct ipmi_intf *intf, int use_builtin, lprintf(LOG_ERR, "Cannot add SDR ID 0x%04x to repository...", sdrr->id); } free(sdrr); + sdrr = NULL; } return rc; } @@ -608,6 +611,7 @@ ipmi_sdr_read_records(const char *filename, struct sdrr_queue *queue) if ((sdrr->raw = malloc(sdrr->length)) == NULL) { lprintf(LOG_ERR, "ipmitool: malloc failure"); free(sdrr); + sdrr = NULL; rc = -1; break; } @@ -615,7 +619,9 @@ ipmi_sdr_read_records(const char *filename, struct sdrr_queue *queue) if (read(fd, sdrr->raw, sdrr->length) != sdrr->length) { lprintf(LOG_ERR, "SDR from '%s' truncated", filename); free(sdrr->raw); + sdrr->raw = NULL; free(sdrr); + sdrr = NULL; rc = -1; break; } @@ -655,6 +661,7 @@ ipmi_sdr_add_from_file(struct ipmi_intf *intf, const char *ifile) lprintf(LOG_ERR, "Cannot add SDR ID 0x%04x to repository...", sdrr->id); } free(sdrr); + sdrr = NULL; } return rc; } diff --git a/ipmitool/lib/ipmi_sel.c b/ipmitool/lib/ipmi_sel.c index a4533e5..2c0e2ac 100644 --- a/ipmitool/lib/ipmi_sel.c +++ b/ipmitool/lib/ipmi_sel.c @@ -155,10 +155,12 @@ int ipmi_sel_oem_init(const char * filename) for (k=3; k<17; k++) { if (sel_oem_msg[j].value[SEL_BYTE(k)] == -3) { free(sel_oem_msg[j].string[SEL_BYTE(k)]); + sel_oem_msg[j].string[SEL_BYTE(k)] = NULL; } } } - free (sel_oem_msg); + free(sel_oem_msg); + sel_oem_msg = NULL; return -1; } @@ -609,16 +611,20 @@ char * get_dell_evt_desc(struct ipmi_intf * intf, struct sel_event_record * rec) if (NULL == rsp) { lprintf(LOG_ERR, " Error getting system info"); - if (desc != NULL) + if (desc != NULL) { free(desc); + desc = NULL; + } return NULL; } else if (rsp->ccode > 0) { lprintf(LOG_ERR, " Error getting system info: %s", val2str(rsp->ccode, completion_code_vals)); - if (desc != NULL) + if (desc != NULL) { free(desc); + desc = NULL; + } return NULL; } version = rsp->data[4]; @@ -1170,6 +1176,7 @@ ipmi_get_event_desc(struct ipmi_intf * intf, struct sel_event_record * rec, char if (sfx) { sprintf(*desc, "%s (%s)", evt->desc, sfx); free(sfx); + sfx = NULL; } else { sprintf(*desc, "%s", evt->desc); } @@ -1215,6 +1222,7 @@ ipmi_get_event_desc(struct ipmi_intf * intf, struct sel_event_record * rec, char sprintf(*desc, "(%s)",sfx); } free(sfx); + sfx = NULL; } } @@ -1540,8 +1548,10 @@ ipmi_sel_print_event_file(struct ipmi_intf * intf, struct sel_event_record * evt evt->sel_type.standard_type.sensor_num, (description != NULL) ? description : "Unknown"); - if (description != NULL) + if (description != NULL) { free(description); + description = NULL; + } } void @@ -1707,6 +1717,7 @@ ipmi_sel_print_std_entry(struct ipmi_intf * intf, struct sel_event_record * evt) if (description) { printf("%s", description); free(description); + description = NULL; } if (evt->sel_type.standard_type.event_type == 0x6f) { @@ -1865,6 +1876,7 @@ ipmi_sel_print_std_entry_verbose(struct ipmi_intf * intf, struct sel_event_recor printf(" Description : %s\n", description ? description : ""); free(description); + description = NULL; printf("\n"); } @@ -2019,6 +2031,7 @@ ipmi_sel_print_extended_entry_verbose(struct ipmi_intf * intf, struct sel_event_ printf(" Description : %s\n", description ? description : ""); free(description); + description = NULL; printf("\n"); } @@ -2317,6 +2330,7 @@ ipmi_sel_interpret(struct ipmi_intf * intf, unsigned long iana, const char * rea } }while (status == 0); /* until file is completely read */ free(buffer); + buffer = NULL; } /* if memory allocation succeeded */ fclose(fp); } /* if file open succeeded */ diff --git a/ipmitool/lib/ipmi_sensor.c b/ipmitool/lib/ipmi_sensor.c index b7be1f1..41276b1 100644 --- a/ipmitool/lib/ipmi_sensor.c +++ b/ipmitool/lib/ipmi_sensor.c @@ -438,6 +438,7 @@ ipmi_sensor_list(struct ipmi_intf *intf) break; } free(rec); + rec = NULL; /* fix for CR6604909: */ /* mask failure of individual reads in sensor list command */ diff --git a/ipmitool/lib/ipmi_sunoem.c b/ipmitool/lib/ipmi_sunoem.c index 378c926..9fa7d02 100644 --- a/ipmitool/lib/ipmi_sunoem.c +++ b/ipmitool/lib/ipmi_sunoem.c @@ -180,6 +180,7 @@ __sdr_list_empty(struct sdr_record_list * head) for (e = head; e != NULL; e = f) { f = e->next; free(e); + e = NULL; } head = NULL; } diff --git a/ipmitool/lib/log.c b/ipmitool/lib/log.c index 162d247..bc80542 100644 --- a/ipmitool/lib/log.c +++ b/ipmitool/lib/log.c @@ -132,8 +132,10 @@ void log_halt(void) if (!logpriv) return; - if (logpriv->name) + if (logpriv->name) { free(logpriv->name); + logpriv->name = NULL; + } if (logpriv->daemon) closelog(); diff --git a/ipmitool/src/ipmievd.c b/ipmitool/src/ipmievd.c index 461a890..bf242e7 100644 --- a/ipmitool/src/ipmievd.c +++ b/ipmitool/src/ipmievd.c @@ -251,6 +251,7 @@ log_event(struct ipmi_event_intf * eintf, struct sel_event_record * evt) lprintf(LOG_NOTICE, "%s%s sensor - %s", eintf->prefix, type, desc); free(desc); + desc = NULL; } else { lprintf(LOG_NOTICE, "%s%s sensor %02x", eintf->prefix, type, @@ -334,8 +335,10 @@ log_event(struct ipmi_event_intf * eintf, struct sel_event_record * evt) break; } - if (desc) + if (desc) { free(desc); + desc = NULL; + } } /*************************************************************************/ diff --git a/ipmitool/src/ipmishell.c b/ipmitool/src/ipmishell.c index eb7d550..e1ec1f6 100644 --- a/ipmitool/src/ipmishell.c +++ b/ipmitool/src/ipmishell.c @@ -121,17 +121,20 @@ int ipmi_shell_main(struct ipmi_intf * intf, int argc, char ** argv) while ((pbuf = (char *)readline(RL_PROMPT)) != NULL) { if (strlen(pbuf) == 0) { free(pbuf); + pbuf = NULL; continue; } if (strncmp(pbuf, "quit", 4) == 0 || strncmp(pbuf, "exit", 4) == 0) { free(pbuf); + pbuf = NULL; return 0; } if (strncmp(pbuf, "help", 4) == 0 || strncmp(pbuf, "?", 1) == 0) { ipmi_cmd_print(intf->cmdlist); free(pbuf); + pbuf = NULL; continue; } @@ -201,6 +204,7 @@ int ipmi_shell_main(struct ipmi_intf * intf, int argc, char ** argv) &(__argv[1])); free(pbuf); + pbuf = NULL; } printf("\n"); return rc; diff --git a/ipmitool/src/plugins/bmc/bmc.c b/ipmitool/src/plugins/bmc/bmc.c index 0260980..b88b077 100644 --- a/ipmitool/src/plugins/bmc/bmc.c +++ b/ipmitool/src/plugins/bmc/bmc.c @@ -218,10 +218,12 @@ ipmi_bmc_send_cmd_putmsg(struct ipmi_intf *intf, struct ipmi_rq *req) if (putmsg(intf->fd, NULL, &sb, 0) < 0) { perror("BMC putmsg: "); free(msg); + msg = NULL; return (NULL); } free(msg); + msg = NULL; sb.buf = malloc(MESSAGE_BUFSIZE); sb.maxlen = MESSAGE_BUFSIZE; @@ -229,6 +231,7 @@ ipmi_bmc_send_cmd_putmsg(struct ipmi_intf *intf, struct ipmi_rq *req) if (getmsg(intf->fd, NULL, &sb, &flags) < 0) { perror("BMC getmsg: "); free(sb.buf); + sb.buf = NULL; return (NULL); } @@ -268,6 +271,7 @@ ipmi_bmc_send_cmd_putmsg(struct ipmi_intf *intf, struct ipmi_rq *req) } free(sb.buf); + sb.buf = NULL; return (ret); } diff --git a/ipmitool/src/plugins/lan/lan.c b/ipmitool/src/plugins/lan/lan.c index d371151..77f3068 100644 --- a/ipmitool/src/plugins/lan/lan.c +++ b/ipmitool/src/plugins/lan/lan.c @@ -173,9 +173,12 @@ ipmi_req_remove_entry(uint8_t seq, uint8_t cmd) else ipmi_req_entries_tail = NULL; } - if (e->msg_data) + if (e->msg_data) { free(e->msg_data); + e->msg_data = NULL; + } free(e); + e = NULL; } } @@ -194,6 +197,7 @@ ipmi_req_clear_entries(void) e = p; } else { free(e); + e = NULL; break; } } @@ -393,6 +397,7 @@ ipmi_lan_ping(struct ipmi_intf * intf) rv = ipmi_lan_send_packet(intf, data, len); free(data); + data = NULL; if (rv < 0) { lprintf(LOG_ERR, "Unable to send IPMI presence ping packet"); @@ -706,8 +711,10 @@ ipmi_lan_build_cmd(struct ipmi_intf * intf, struct ipmi_rq * req, int isRetry) // No need to add once again and we will re-use the existing node. // Only thing we have to do is clear the msg_data as we create // a new one below in the code for it. - if (entry->msg_data) + if (entry->msg_data) { free(entry->msg_data); + entry->msg_data = NULL; + } } else { @@ -1067,8 +1074,10 @@ ipmi_lan_send_rsp(struct ipmi_intf * intf, struct ipmi_rs * rsp) msg = ipmi_lan_build_rsp(intf, rsp, &len); if (len <= 0 || msg == NULL) { lprintf(LOG_ERR, "Invalid response packet"); - if (msg != NULL) + if (msg != NULL) { free(msg); + msg = NULL; + } return -1; } @@ -1077,13 +1086,17 @@ ipmi_lan_send_rsp(struct ipmi_intf * intf, struct ipmi_rs * rsp) intf->session->addrlen); if (rv < 0) { lprintf(LOG_ERR, "Packet send failed"); - if (msg != NULL) + if (msg != NULL) { free(msg); + msg = NULL; + } return -1; } - if (msg != NULL) + if (msg != NULL) { free(msg); + msg = NULL; + } return 0; } @@ -1233,8 +1246,10 @@ ipmi_lan_send_sol_payload(struct ipmi_intf * intf, msg = ipmi_lan_build_sol_msg(intf, payload, &len); if (len <= 0 || msg == NULL) { lprintf(LOG_ERR, "Invalid SOL payload packet"); - if (msg != NULL) + if (msg != NULL) { free(msg); + msg = NULL; + } return NULL; } @@ -1279,8 +1294,10 @@ ipmi_lan_send_sol_payload(struct ipmi_intf * intf, } } - if (msg != NULL) + if (msg != NULL) { free(msg); + msg = NULL; + } return rsp; } diff --git a/ipmitool/src/plugins/lanplus/lanplus.c b/ipmitool/src/plugins/lanplus/lanplus.c index a90062f..4288224 100644 --- a/ipmitool/src/plugins/lanplus/lanplus.c +++ b/ipmitool/src/plugins/lanplus/lanplus.c @@ -349,9 +349,12 @@ ipmi_req_remove_entry(uint8_t seq, uint8_t cmd) ipmi_req_entries_tail = NULL; } - if (e->msg_data) + if (e->msg_data) { free(e->msg_data); + e->msg_data = NULL; + } free(e); + e = NULL; } } @@ -564,6 +567,7 @@ ipmiv2_lan_ping(struct ipmi_intf * intf) rv = ipmi_lan_send_packet(intf, data, len); free(data); + data = NULL; if (rv < 0) { lprintf(LOG_ERR, "Unable to send IPMI presence ping packet"); @@ -1707,6 +1711,7 @@ ipmi_lanplus_build_v2x_msg( lprintf(LOG_ERR, "unsupported payload type 0x%x", payload->payload_type); free(msg); + msg = NULL; assert(0); break; } @@ -2313,6 +2318,7 @@ ipmi_lanplus_send_payload( case IPMI_PAYLOAD_TYPE_RAKP_1: case IPMI_PAYLOAD_TYPE_RAKP_3: free(msg_data); + msg_data = NULL; break; } @@ -2794,6 +2800,7 @@ ipmi_lanplus_open_session(struct ipmi_intf * intf) lprintf(LOG_WARNING, "Unsupported cipher suite ID : %d\n", session->cipher_suite_id); free(msg); + msg = NULL; return -1; } @@ -2842,6 +2849,7 @@ ipmi_lanplus_open_session(struct ipmi_intf * intf) rsp = ipmi_lanplus_send_payload(intf, &v2_payload); free(msg); + msg = NULL; if (verbose) lanplus_dump_open_session_response(rsp); @@ -2972,6 +2980,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf) lprintf(LOG_ERR, "ERROR generating random number " "in ipmi_lanplus_rakp1"); free(msg); + msg = NULL; return 1; } memcpy(msg + 8, session->v2_data.console_rand, 16); @@ -3001,6 +3010,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf) "(Exceeds %d characters)", IPMI_MAX_USER_NAME_LENGTH); free(msg); + msg = NULL; return 1; } memcpy(msg + 28, session->username, msg[27]); @@ -3013,6 +3023,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf) rsp = ipmi_lanplus_send_payload(intf, &v2_payload); free(msg); + msg = NULL; if (rsp == NULL) { @@ -3136,6 +3147,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf) /* Error */ lprintf(LOG_INFO, "> Error generating RAKP 3 authcode"); free(msg); + msg = NULL; return 1; } else @@ -3150,6 +3162,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf) /* Error */ lprintf(LOG_INFO, "> Error generating session integrity key"); free(msg); + msg = NULL; return 1; } else if (lanplus_generate_k1(session)) @@ -3157,6 +3170,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf) /* Error */ lprintf(LOG_INFO, "> Error generating K1 key"); free(msg); + msg = NULL; return 1; } else if (lanplus_generate_k2(session)) @@ -3164,6 +3178,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf) /* Error */ lprintf(LOG_INFO, "> Error generating K1 key"); free(msg); + msg = NULL; return 1; } } @@ -3172,6 +3187,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf) rsp = ipmi_lanplus_send_payload(intf, &v2_payload); free(msg); + msg = NULL; if (session->v2_data.rakp2_return_code != IPMI_RAKP_STATUS_NO_ERRORS) { @@ -3242,8 +3258,10 @@ ipmi_lanplus_close(struct ipmi_intf * intf) ipmi_req_clear_entries(); - if (intf->session) + if (intf->session) { free(intf->session); + intf->session = NULL; + } intf->session = NULL; intf->opened = 0; diff --git a/ipmitool/src/plugins/lanplus/lanplus_crypt.c b/ipmitool/src/plugins/lanplus/lanplus_crypt.c index 1669d92..16a5849 100644 --- a/ipmitool/src/plugins/lanplus/lanplus_crypt.c +++ b/ipmitool/src/plugins/lanplus/lanplus_crypt.c @@ -178,6 +178,7 @@ int lanplus_rakp2_hmac_matches(const struct ipmi_session * session, &macLength); free(buffer); + buffer = NULL; if (verbose > 2) @@ -310,6 +311,7 @@ int lanplus_rakp4_hmac_matches(const struct ipmi_session * session, free(buffer); + buffer = NULL; assert(macLength == 20); return (memcmp(bmc_mac, mac, 12) == 0); } @@ -425,6 +427,7 @@ int lanplus_generate_rakp3_authcode(uint8_t * output_buffer free(input_buffer); + input_buffer = NULL; return ret; } @@ -549,6 +552,7 @@ int lanplus_generate_sik(struct ipmi_session * session) &mac_length); free(input_buffer); + input_buffer = NULL; assert(mac_length == 20); /* @@ -719,8 +723,10 @@ int lanplus_encrypt_payload(uint8_t crypt_alg, if (lanplus_rand(output, IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE)) { lprintf(LOG_ERR, "lanplus_encrypt_payload: Error generating IV"); - if (padded_input != NULL) + if (padded_input != NULL) { free(padded_input); + padded_input = NULL; + } return 1; } @@ -741,6 +747,7 @@ int lanplus_encrypt_payload(uint8_t crypt_alg, bytes_encrypted; free(padded_input); + padded_input = NULL; return 0; } @@ -904,5 +911,6 @@ int lanplus_decrypt_payload(uint8_t crypt_alg, } free(decrypted_payload); + decrypted_payload = NULL; return (bytes_decrypted == 0); } diff --git a/ipmitool/src/plugins/open/open.c b/ipmitool/src/plugins/open/open.c index 759a9e0..34cb10c 100644 --- a/ipmitool/src/plugins/open/open.c +++ b/ipmitool/src/plugins/open/open.c @@ -272,8 +272,10 @@ ipmi_openipmi_send_cmd(struct ipmi_intf * intf, struct ipmi_rq * req) if (ioctl(intf->fd, IPMICTL_SEND_COMMAND, &_req) < 0) { lperror(LOG_ERR, "Unable to send command"); - if (data != NULL) + if (data != NULL) { free(data); + data = NULL; + } return NULL; } @@ -282,8 +284,10 @@ ipmi_openipmi_send_cmd(struct ipmi_intf * intf, struct ipmi_rq * req) */ if (intf->noanswer) { - if (data != NULL) + if (data != NULL) { free(data); + data = NULL; + } return NULL; } @@ -292,14 +296,18 @@ ipmi_openipmi_send_cmd(struct ipmi_intf * intf, struct ipmi_rq * req) if (select(intf->fd+1, &rset, NULL, NULL, NULL) < 0) { lperror(LOG_ERR, "I/O Error"); - if (data != NULL) + if (data != NULL) { free(data); + data = NULL; + } return NULL; } if (FD_ISSET(intf->fd, &rset) == 0) { lprintf(LOG_ERR, "No data available"); - if (data != NULL) + if (data != NULL) { free(data); + data = NULL; + } return NULL; } @@ -312,8 +320,10 @@ ipmi_openipmi_send_cmd(struct ipmi_intf * intf, struct ipmi_rq * req) if (ioctl(intf->fd, IPMICTL_RECEIVE_MSG_TRUNC, &recv) < 0) { lperror(LOG_ERR, "Error receiving message"); if (errno != EMSGSIZE) { - if (data != NULL) - free(data); + if (data != NULL) { + free(data); + data = NULL; + } return NULL; } } @@ -372,8 +382,10 @@ ipmi_openipmi_send_cmd(struct ipmi_intf * intf, struct ipmi_rq * req) rsp.data[recv.msg.data_len] = 0; } - if (data != NULL) + if (data != NULL) { free(data); + data = NULL; + } return &rsp; }