From f80f838b2f54738937ef1281b237710132195c44 Mon Sep 17 00:00:00 2001
From: David Lamparter <equinox@opensourcerouting.org>
Date: Wed, 4 Jun 2014 01:00:51 +0200
Subject: [PATCH] bgpd: fix memory leak on malformed attribute

When bgp_attr_parse returns BGP_ATTR_PARSE_ERROR, it may already have
parsed and allocated some attributes before hitting that error.  Free
the attr's data before returning.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
---
 bgpd/bgp_packet.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index 80651f1..65c6cac 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -1720,7 +1720,10 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
       attr_parse_ret = bgp_attr_parse (peer, &attr, attribute_len, 
 			    &mp_update, &mp_withdraw);
       if (attr_parse_ret == BGP_ATTR_PARSE_ERROR)
-	return -1;
+	{
+	  bgp_attr_unintern_sub (&attr);
+	  return -1;
+	}
     }
   
   /* Logging the attribute. */
-- 
2.0.1