Browse code

- fixed a possible mem. not freed bug on error

Andrei Pelinescu-Onciul authored on 06/08/2002 14:26:09
Showing 1 changed files
... ...
@@ -507,7 +507,7 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
507 507
 	msg->via1->host.s[msg->via1->host.len] = 0;
508 508
 	if (check_address(&msg->src_ip, msg->via1->host.s, received_dns)!=0){
509 509
 		if ((received_buf=received_builder(msg,&received_len))==0)
510
-			goto error;
510
+			goto error1; /* free also line_buf */
511 511
 	}
512 512
 	msg->via1->host.s[msg->via1->host.len] = backup;
513 513
 
... ...
@@ -515,9 +515,9 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
515 515
 	/* try to add it before msg. 1st via */
516 516
 	/* add first via, as an anchor for second via*/
517 517
 	anchor=anchor_lump(&(msg->add_rm), msg->via1->hdr.s-buf, 0, HDR_VIA);
518
-	if (anchor==0) goto error;
518
+	if (anchor==0) goto error1;
519 519
 	if (insert_new_lump_before(anchor, line_buf, via_len, HDR_VIA)==0)
520
-		goto error;
520
+		goto error1; /* free also line_buf*/
521 521
 	/* if received needs to be added, add anchor after host and add it */
522 522
 	if (received_len){
523 523
 		if (msg->via1->params.s){
... ...
@@ -535,9 +535,9 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
535 535
 		}
536 536
 		anchor=anchor_lump(&(msg->add_rm),msg->via1->hdr.s-buf+size,0,
537 537
 				HDR_VIA);
538
-		if (anchor==0) goto error;
538
+		if (anchor==0) goto error2; /* free also received_buf */
539 539
 		if (insert_new_lump_after(anchor, received_buf, received_len, HDR_VIA)
540
-				==0 ) goto error;
540
+				==0 ) goto error2; /* free also received_buf */
541 541
 	}
542 542
 
543 543
 	/* compute new msg len and fix overlapping zones*/
... ...
@@ -577,8 +577,9 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
577 577
 	return new_buf;
578 578
 
579 579
 error1:
580
-	if (received_buf) pkg_free(received_buf);
581 580
 	if (line_buf) pkg_free(line_buf);
581
+error2:
582
+	if (received_buf) pkg_free(received_buf);
582 583
 error:
583 584
 	if (new_buf) local_free(new_buf);
584 585
 	*returned_len=0;