From 49bf78886273d82241de91764ac183541d48ae06 Mon Sep 17 00:00:00 2001
From: Panagiotis Vasilikos <panagiotis.vasilikos@alexandra.dk>
Date: Tue, 28 Jan 2020 16:31:15 +0100
Subject: [PATCH] Memory leak in handle_unsubscribe.c

Reason: In line 70, the memory allocation for the pointer reasons_codes may
result to a memory leak due to the many returns (e.g as the one in line 78)
occuring in the program's path until reaching the mosquitto__free at line 122.

Fix: I added a mosquitto__free(reason_codes) statement before each return
statement that could result to a memory leak

Signed-off-by: Panagiotis Vasilikos <panagiotis.vasilikos@alexandra.dk>
---
 src/handle_unsubscribe.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/handle_unsubscribe.c b/src/handle_unsubscribe.c
index 16ff856d03..df22698381 100644
--- a/src/handle_unsubscribe.c
+++ b/src/handle_unsubscribe.c
@@ -66,9 +66,16 @@ int handle__unsubscribe(struct mosquitto_db *db, struct mosquitto *context)
 		}
 	}
 
+	reason_code_max = 10;
+	reason_codes = mosquitto__malloc(reason_code_max);
+	if(!reason_codes){
+		return MOSQ_ERR_NOMEM;
+	}
+
 	while(context->in_packet.pos < context->in_packet.remaining_length){
 		sub = NULL;
 		if(packet__read_string(&context->in_packet, &sub, &slen)){
+			mosquitto__free(reason_codes);
 			return 1;
 		}
 
@@ -77,6 +84,7 @@ int handle__unsubscribe(struct mosquitto_db *db, struct mosquitto *context)
 					"Empty unsubscription string from %s, disconnecting.",
 					context->id);
 			mosquitto__free(sub);
+			mosquitto_free(reason_codes);
 			return 1;
 		}
 		if(mosquitto_sub_topic_check(sub)){
@@ -84,6 +92,7 @@ int handle__unsubscribe(struct mosquitto_db *db, struct mosquitto *context)
 					"Invalid unsubscription string from %s, disconnecting.",
 					context->id);
 			mosquitto__free(sub);
+			mosquitto__free(reason_codes);
 			return 1;
 		}
 
@@ -91,12 +100,9 @@ int handle__unsubscribe(struct mosquitto_db *db, struct mosquitto *context)
 		rc = sub__remove(db, context, sub, db->subs, &reason);
 		log__printf(NULL, MOSQ_LOG_UNSUBSCRIBE, "%s %s", context->id, sub);
 		mosquitto__free(sub);
-		if(rc) return rc;
-
-		reason_code_max = 10;
-		reason_codes = mosquitto__malloc(reason_code_max);
-		if(!reason_codes){
-			return MOSQ_ERR_NOMEM;
+		if(rc){
+			mosquitto_fee(reason_codes);
+			return rc;
 		}
 
 		reason_codes[reason_code_count] = reason;