rconn: Avoid memory leak in rconn_send_with_limit() on queue overflow.

Bug #14357. Reported-by: Luca Giraudo <lgiraudo@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
author: Ben Pfaff <blp@nicira.com> 2013-01-07 14:51:06 -0800
committer: Ben Pfaff <blp@nicira.com> 2013-01-07 14:51:06 -0800
commit: 3f0cedd5947103299bf482a921c745856b208d0e (patch)
tree: 59b5b2c3e08db5c0d78178178e30d241312b8dd0
parent: 7d773e831414e13515a84a412783cdd9dcaa3378 (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/rconn.c b/lib/rconn.c
index 603175bd..0d3cfecb 100644
--- a/lib/rconn.c
+++ b/lib/rconn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -620,12 +620,13 @@ int
 rconn_send_with_limit(struct rconn *rc, struct ofpbuf *b,
                       struct rconn_packet_counter *counter, int queue_limit)
 {
-    int retval;
-    retval = counter->n >= queue_limit ? EAGAIN : rconn_send(rc, b, counter);
-    if (retval) {
+    if (counter->n < queue_limit) {
+        return rconn_send(rc, b, counter);
+    } else {
         COVERAGE_INC(rconn_overflow);
+        ofpbuf_delete(b);
+        return EAGAIN;
     }
-    return retval;
 }
 
 /* Returns the total number of packets successfully sent on the underlying
author	Ben Pfaff <blp@nicira.com>	2013-01-07 14:51:06 -0800
committer	Ben Pfaff <blp@nicira.com>	2013-01-07 14:51:06 -0800
commit	3f0cedd5947103299bf482a921c745856b208d0e (patch)
tree	59b5b2c3e08db5c0d78178178e30d241312b8dd0
parent	7d773e831414e13515a84a412783cdd9dcaa3378 (diff)