CID-3809: move up the initialization of `fr' as we can jump to junkput: if

fr_inobj() fails. junkput: will then check the value of `fr' which is at this time uninitialized. CID-3803: don't leak `ipn' upon return ok christos@
2006-12-27 18:28:54 +00:00 · 2006-12-27 18:28:54 +00:00 · ea827cc550
commit ea827cc550
parent 980fc49cd5
1 changed files with 5 additions and 3 deletions
--- a/sys/dist/ipf/netinet/ip_nat.c
+++ b/sys/dist/ipf/netinet/ip_nat.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_nat.c,v 1.19 2006/11/16 01:33:34 christos Exp $	*/
+/*	$NetBSD: ip_nat.c,v 1.20 2006/12/27 18:28:54 alc Exp $	*/

 /*
 * Copyright (C) 1995-2003 by Darren Reed.
@ -1288,6 +1288,7 @@ int getlock;
 	nat = NULL;
 	ipnn = NULL;
 	fin = NULL;
+	fr = NULL;

 	KMALLOC(ipn, nat_save_t *);
 	if (ipn == NULL)
@ -1301,7 +1302,6 @@ int getlock;
 	 * New entry, copy in the rest of the NAT entry if it's size is more
 	 * than just the nat_t structure.
 	 */
-	fr = NULL;
 	if (ipn->ipn_dsize > sizeof(*ipn)) {
 		if (ipn->ipn_dsize > 81920) {
 			error = ENOMEM;
@ -1309,8 +1309,10 @@ int getlock;
 		}

 		KMALLOCS(ipnn, nat_save_t *, ipn->ipn_dsize);
-		if (ipnn == NULL)
+		if (ipnn == NULL) {
+			KFREE(ipn);
 			return ENOMEM;
+		}

 		error = fr_inobjsz(data, ipnn, IPFOBJ_NATSAVE, ipn->ipn_dsize);
 		if (error != 0) {