From 8d879e1a6bac47240a232893e914815f781fd4bf Mon Sep 17 00:00:00 2001 From: =?utf8?q?Beno=C3=AEt=20Ganne?= Date: Thu, 27 Jun 2019 17:31:28 +0200 Subject: [PATCH] tap: fix memory errors in create/delete MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If the host interface name is not specified at creation, host_if_name was wrongly set to a stack-allocated variable. Make sure it always points to a heap allocated vector. At deletion time, we must free all allocated vectors. Type:fix Change-Id: I17751f38e95097998d51225fdccbf3ce3c365593 Signed-off-by: Benoît Ganne --- src/vnet/devices/tap/tap.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/vnet/devices/tap/tap.c b/src/vnet/devices/tap/tap.c index 8dc798a3cb3..38ac0f93682 100644 --- a/src/vnet/devices/tap/tap.c +++ b/src/vnet/devices/tap/tap.c @@ -208,7 +208,7 @@ tap_create_if (vlib_main_t * vm, tap_create_if_args_t * args) vif->ifindex = if_nametoindex (ifr.ifr_ifrn.ifrn_name); if (!args->host_if_name) - args->host_if_name = (u8 *) ifr.ifr_ifrn.ifrn_name; + args->host_if_name = format (0, "%s", ifr.ifr_ifrn.ifrn_name); unsigned int offload = 0; hdrsz = sizeof (struct virtio_net_hdr_v1); @@ -546,6 +546,10 @@ tap_delete_if (vlib_main_t * vm, u32 sw_if_index) vec_free (vif->rxq_vrings); vec_free (vif->txq_vrings); + vec_free (vif->host_if_name); + vec_free (vif->net_ns); + vec_free (vif->host_bridge); + tm->tap_ids = clib_bitmap_set (tm->tap_ids, vif->id, 0); clib_memset (vif, 0, sizeof (*vif)); pool_put (mm->interfaces, vif); -- 2.16.6