File 0001-ofp-util-Fix-memory-leaks-when-parsing-OF1.5-group-p.patch of Package openvswitch

From 5bfda06f3292de427bcef3bf05150009a89a7ed6 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@ovn.org>
Date: Thu, 21 Sep 2017 09:59:58 -0700
Subject: [PATCH] ofp-util: Fix memory leaks when parsing OF1.5 group
 properties.

Found by libFuzzer.

Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
---
 lib/ofp-util.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/lib/ofp-util.c b/lib/ofp-util.c
index 24b5c243c..5248430a2 100644
--- a/lib/ofp-util.c
+++ b/lib/ofp-util.c
@@ -9133,8 +9133,13 @@ ofputil_decode_ofp15_group_desc_reply(struct ofputil_group_desc *gd,
      * Such properties are valid for group desc replies so
      * claim that the group mod command is OFPGC15_ADD to
      * satisfy the check in parse_group_prop_ntr_selection_method() */
-    return parse_ofp15_group_properties(msg, gd->type, OFPGC15_ADD, &gd->props,
-                                        length - sizeof *ogds - bucket_list_len);
+    error = parse_ofp15_group_properties(
+        msg, gd->type, OFPGC15_ADD, &gd->props,
+        length - sizeof *ogds - bucket_list_len);
+    if (error) {
+        ofputil_bucket_list_destroy(&gd->buckets);
+    }
+    return error;
 }
 
 /* Converts a group description reply in 'msg' into an abstract
@@ -9432,8 +9437,12 @@ ofputil_pull_ofp15_group_mod(struct ofpbuf *msg, enum ofp_version ofp_version,
         return error;
     }
 
-    return parse_ofp15_group_properties(msg, gm->type, gm->command, &gm->props,
-                                        msg->size);
+    error = parse_ofp15_group_properties(msg, gm->type, gm->command,
+                                         &gm->props, msg->size);
+    if (error) {
+        ofputil_bucket_list_destroy(&gm->buckets);
+    }
+    return error;
 }
 
 static enum ofperr
-- 
2.15.0