From 8ef2fa3d7c0d4f636a0d7b9f1028f78b533926c1 Mon Sep 17 00:00:00 2001 From: nidu-ninja Date: Mon, 30 Mar 2026 21:37:00 +0530 Subject: [PATCH] rpcapd: fix daemon_unpackapplyfilter() instruction-memory leak Fix a memory leak in daemon_unpackapplyfilter() where dynamically allocated BPF instruction memory was not freed before returning. Reported as Coverity CID 1641537. --- CHANGES | 2 ++ rpcapd/daemon.c | 19 ++++++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index bb4bdd611e..48c6417450 100644 --- a/CHANGES +++ b/CHANGES @@ -66,6 +66,8 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group rpcapd: Refine SSL options in printusage(). Fix a possible buffer overflow (Coverity CID 1619148). Fix parameter name validation in the configuration file. + Fix a memory leak in daemon_unpackapplyfilter() (Coverity CID + 1641537). Documentation: Add a README.hurd.md file. Cross-reference some man pages better. diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c index 953be4a1bd..2b279b42b7 100644 --- a/rpcapd/daemon.c +++ b/rpcapd/daemon.c @@ -2342,6 +2342,7 @@ daemon_unpackapplyfilter(PCAP_SOCKET sockctrl, SSL *ctrl_ssl, struct session *se struct bpf_insn *bf_insn; struct bpf_program bf_prog; unsigned int i; + int ret; status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter, sizeof(struct rpcap_filter), plenp, errmsgbuf); @@ -2385,11 +2386,13 @@ daemon_unpackapplyfilter(PCAP_SOCKET sockctrl, SSL *ctrl_ssl, struct session *se sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf); if (status == -1) { - return -1; + ret = -1; + goto cleanup; } if (status == -2) { - return -2; + ret = -2; + goto cleanup; } bf_insn->code = ntohs(insn.code); 
@@ -2406,16 +2409,22 @@ daemon_unpackapplyfilter(PCAP_SOCKET sockctrl, SSL *ctrl_ssl, struct session *se
 if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
 {
 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains invalid instructions");
- return -2;
+ ret = -2;
+ goto cleanup;
 }
 
 if (pcap_setfilter(session->fp, &bf_prog))
 {
 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
- return -2;
+ ret = -2;
+ goto cleanup;
 }
 
- return 0;
+ ret = 0;
+
+cleanup:
+ free(bf_prog.bf_insns);
+ return ret;
 }
 
 static int
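Review bot: The new `cleanup:` label frees `bf_prog.bf_insns`, but `bf_prog` is declared without an initializer (`struct bpf_program bf_prog;` in the first daemon.c hunk), so the label is only safe while every `goto cleanup` comes after the allocation has been stored in it. That holds for the jumps visible here (the per-instruction receive failures and the `bpf_validate()` / `pcap_setfilter()` failures), but the function starts outside these hunks and its earlier returns are not shown. Because this code parses a filter program sent by a remote client, I would make the invariant explicit with `bf_prog.bf_insns = NULL;` before the first receive, so that a later edit which jumps to `cleanup` early frees NULL rather than an indeterminate pointer. A short comment at the label would also help, for example `/* the received program is released on every path; pcap_setfilter() is assumed not to retain bf_prog.bf_insns */`, since freeing on the success path is otherwise surprising to a reader.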