Services layer: memory leak in case of malformed packets
Description
In case of malformed OPC UA messages (invalid message type id) or unsupported content (request id == 0), the message is ignored and a memory leak occurs.
Analysis
-
In the above-mentioned cases in
io_dispatch_mgr:receive_msg_buffer
, the message input buffer is not de-allocated whereas it should be. The buffer is only de-allocated once one of the following operations are called for a request:service_mgr:server_receive_session_treatment_req
,service_mgr:server_receive_session_service_req
,service_mgr:server_receive_discovery_service_req
and for a response:service_mgr:client_receive_session_treatment_resp
,service_mgr:client_receive_session_service_resp
,service_mgr:client_receive_discovery_service_resp
-
Moreover request id 0 should be supported since
The RequestId only needs to be verified by the Client since only the Client knows if it is valid or not.
=> issue #1433 created
Implementation
The io_dispatch_mgr:receive_msg_buffer
should be in charge of input buffer deallocation to guarantee it is done in any case whereas sub-operations shall only be in charge to return a read/error buffer state.