From 884c9a8667ee2c0c01a6a46707b8944c5ad6c6af Mon Sep 17 00:00:00 2001 From: Michael Zillgith Date: Wed, 13 Jan 2021 11:00:37 +0100 Subject: [PATCH] - IEC 61850 client: avoid double free when operate and select-with-value on APC fails --- src/iec61850/client/client_control.c | 37 +++++++++++++++++++--------- 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/src/iec61850/client/client_control.c b/src/iec61850/client/client_control.c index 12b5669f..ad31648d 100644 --- a/src/iec61850/client/client_control.c +++ b/src/iec61850/client/client_control.c @@ -523,14 +523,15 @@ ControlObjectClient_operate(ControlObjectClient self, MmsValue* ctlVal, uint64_t MmsValue_update(self->ctlVal, ctlVal); - if (self->analogValue) - MmsValue_setElement(self->analogValue, 0, NULL); - self->opertime = operTime; success = true; exit_function: + + if (self->analogValue) + MmsValue_setElement(self->analogValue, 0, NULL); + return success; } @@ -624,13 +625,14 @@ ControlObjectClient_operateAsync(ControlObjectClient self, IedClientError* err, else { MmsValue_update(self->ctlVal, ctlVal); - if (self->analogValue) - MmsValue_setElement(self->analogValue, 0, NULL); - self->opertime = operTime; } exit_function: + + if (self->analogValue) + MmsValue_setElement(self->analogValue, 0, NULL); + return invokeId; } @@ -703,6 +705,8 @@ prepareSBOwParameters(ControlObjectClient self, MmsValue* ctlVal) bool ControlObjectClient_selectWithValue(ControlObjectClient self, MmsValue* ctlVal) { + bool retVal = true; + resetLastApplError(self); char domainId[65]; @@ -741,22 +745,30 @@ ControlObjectClient_selectWithValue(ControlObjectClient self, MmsValue* ctlVal) if (mmsError != MMS_ERROR_NONE) { if (DEBUG_IED_CLIENT) printf("IED_CLIENT: select-with-value failed!\n"); - return false; + + retVal = false; + + goto exit_function; } else { if (writeResult != DATA_ACCESS_ERROR_SUCCESS) { if (DEBUG_IED_CLIENT) printf("IED_CLIENT: select-with-value failed!\n"); - return false; + + retVal = false; + + goto exit_function; } } MmsValue_update(self->ctlVal, ctlVal); +exit_function: + if (self->analogValue) MmsValue_setElement(self->analogValue, 0, NULL); - return true; + return retVal; } static void @@ -857,12 +869,13 @@ ControlObjectClient_selectWithValueAsync(ControlObjectClient self, IedClientErro } else { MmsValue_update(self->ctlVal, ctlVal); - - if (self->analogValue) - MmsValue_setElement(self->analogValue, 0, NULL); } exit_function: + + if (self->analogValue) + MmsValue_setElement(self->analogValue, 0, NULL); + return invokeId; }