#282 lanplus memory leak

[Zdenek Styblik]

Pat Donlin

I was investigating a problem with lanplus failing to authenticate on a
problem board. The problem was acute slowness in the BMC in responding
to the sequence of authentication request/response in
ipmi_lanplus_send_payload() causing 2-3 retries. While trying to isolate
this, a test with valgrind exposed a problem that ended up solving my
failure. The struct ipmi_rq entry is allocated by
ipmi_lanplus_build_v2x_ipmi_cmd, yet on retry this allocated struct is
never freed. By making this change I was able to solve my board problem.
Why this free causes my test case to work I am not able to determine
since this suggests usage of stale data, yet I could not track that down.

diff -u
~pjd/src/ipmitool/temp/ipmitool-1.8.13/src/plugins/lanplus/lanplus.c lanplus.c
---
/home/estes01/pjd/src/ipmitool/temp/ipmitool-1.8.13/src/plugins/lanplus/lanplus.c
2013-07-15 23:17:39.000000000 -0500
+++ lanplus.c    2013-10-11 07:54:32.694024069 -0500
@@ -2099,6 +2099,7 @@
       uint8_t             * msg_data;
       int                   msg_length;
       struct ipmi_session * session = intf->session;
+       struct ipmi_rq_entry * entry = NULL;
       int                   try = 0;
       int                   xmit = 1;
       time_t                ltime;
@@ -2123,7 +2124,6 @@
                   /*
                    * Build an IPMI v1.5 or v2 command
                    */
-                   struct ipmi_rq_entry * entry;
                   struct ipmi_rq * ipmi_request = payload->payload.ipmi_request.request;
                   lprintf(LOG_DEBUG, "");
@@ -2304,6 +2304,9 @@

               if (rsp)
                   break;
+               // req timed out, remove entry
+               if ((payload->payload_type == IPMI_PAYLOAD_TYPE_IPMI) && entry)
+                   ipmi_req_remove_entry( entry->rq_seq, entry->req.msg.cmd);
           }

           /* only timeout if time exceeds the timeout value */