Applied
On Mon, 2020-11-09 at 20:21 -0800, Inga Stotland wrote:
> This fixes a potential NULL pointer dereferencing in mesh_model_pub_set()
> when virtual address publication cannot be successfully stored.
> Also, fix a minor memory leak that may occur on unsuccessful model
> initialization from storage.
> ---
> mesh/model.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/mesh/model.c b/mesh/model.c
> index c8eb8c607..82078ed85 100644
> --- a/mesh/model.c
> +++ b/mesh/model.c
> @@ -1091,11 +1091,11 @@ int mesh_model_pub_set(struct mesh_node *node, uint16_t addr, uint32_t id,
> status = set_virt_pub(mod, pub_addr, idx, cred_flag, ttl,
> period, cnt, interval);
>
> - *pub_dst = mod->pub->addr;
> -
> if (status != MESH_STATUS_SUCCESS)
> return status;
>
> + *pub_dst = mod->pub->addr;
> +
> if (!mod->cbs)
> /* External model */
> config_update_model_pub_period(node, ele_idx, id,
> @@ -1639,8 +1639,10 @@ static struct mesh_model *model_setup(struct mesh_net *net, uint8_t ele_idx,
> /* Implicitly bind config server model to device key */
> if (db_mod->id == CONFIG_SRV_MODEL) {
>
> - if (ele_idx != PRIMARY_ELE_IDX)
> + if (ele_idx != PRIMARY_ELE_IDX) {
> + l_free(mod);
> return NULL;
> + }
>
> l_queue_push_head(mod->bindings,
> L_UINT_TO_PTR(APP_IDX_DEV_LOCAL));
