From 3cd56e92d4fa0fd2957094f3f46bf0e6d59cdbd5 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 6 May 2021 18:25:48 +0200
Subject: [PATCH] libnm: fix leak in nm_utils_tc_tfilter_from_str()

Found by Coverity:

  Error: RESOURCE_LEAK (CWE-772):
  NetworkManager-1.31.3/src/libnm-core-impl/nm-utils.c:2772: alloc_fn: Storage is returned from allocation function "nm_utils_tc_action_from_str".
  NetworkManager-1.31.3/src/libnm-core-impl/nm-utils.c:2772: var_assign: Assigning: "action" = storage returned from "nm_utils_tc_action_from_str(extra_opts, error)".
  NetworkManager-1.31.3/src/libnm-core-impl/nm-utils.c:2785: leaked_storage: Variable "action" going out of scope leaks the storage it points to.
  # 2783|       tfilter = nm_tc_tfilter_new(kind, parent, error);
  # 2784|       if (!tfilter)
  # 2785|->         return NULL;
  # 2786|
  # 2787|       nm_tc_tfilter_set_handle(tfilter, handle);

Fixes: de41c45e616c ('libnm-core: add functionality for dealing with tc-style traffic filter specifiers')
---
 src/libnm-core-impl/nm-utils.c | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/src/libnm-core-impl/nm-utils.c b/src/libnm-core-impl/nm-utils.c
index 1d2c216a5b..b606aaa39f 100644
--- a/src/libnm-core-impl/nm-utils.c
+++ b/src/libnm-core-impl/nm-utils.c
@@ -2738,14 +2738,14 @@ static const NMVariantAttributeSpec *const tc_tfilter_attribute_spec[] = {
 NMTCTfilter *
 nm_utils_tc_tfilter_from_str(const char *str, GError **error)
 {
-    guint32            handle         = TC_H_UNSPEC;
-    guint32            parent         = TC_H_UNSPEC;
-    gs_free char *     kind           = NULL;
-    gs_free char *     rest           = NULL;
-    NMTCAction *       action         = NULL;
-    const char *       extra_opts     = NULL;
-    NMTCTfilter *      tfilter        = NULL;
-    gs_unref_hashtable GHashTable *ht = NULL;
+    guint32                 handle                 = TC_H_UNSPEC;
+    guint32                 parent                 = TC_H_UNSPEC;
+    gs_free char *          kind                   = NULL;
+    gs_free char *          rest                   = NULL;
+    nm_auto_unref_tc_action NMTCAction *action     = NULL;
+    const char *                        extra_opts = NULL;
+    NMTCTfilter *                       tfilter    = NULL;
+    gs_unref_hashtable GHashTable *ht              = NULL;
     GVariant *                     variant;
 
     nm_assert(str);
@@ -2785,10 +2785,8 @@ nm_utils_tc_tfilter_from_str(const char *str, GError **error)
         return NULL;
 
     nm_tc_tfilter_set_handle(tfilter, handle);
-    if (action) {
+    if (action)
         nm_tc_tfilter_set_action(tfilter, action);
-        nm_tc_action_unref(action);
-    }
 
     return tfilter;
 }