From 2450cf4c0f3b366f5c48c3690b233e27b835b5aa Mon Sep 17 00:00:00 2001
From: Alexey Zakhlestin <indeyets@php.net>
Date: Sat, 6 Sep 2008 08:18:38 +0000
Subject: [PATCH] MFB: Fixed bug #45405 (snmp extension memory leak)

---
 NEWS            |  2 ++
 ext/snmp/snmp.c | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 49dba5e0bb..1e948940b2 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,8 @@ PHP                                                                        NEWS
 - Fixed a crash on invalid method in ReflectionParameter constructor.
   (Christian Seiler)
 
+- Fixed bug #45405 (snmp extension memory leak). (Federico Cuello, Rodrigo
+  Campos)
 - Fixed bug #45956 (parse_ini_file() does not return false with syntax errors
   in parsed file). (Jani)
 - Fixed bug #45862 (get_class_vars is inconsistent with 'protected' and 
diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
index 936103d074..917ffb62c8 100644
--- a/ext/snmp/snmp.c
+++ b/ext/snmp/snmp.c
@@ -417,13 +417,13 @@ static void php_snmp_internal(INTERNAL_FUNCTION_PARAMETERS, int st,
 	while (keepwalking) {
 		keepwalking = 0;
 		if ((st == SNMP_CMD_GET) || (st == SNMP_CMD_GETNEXT)) {
-			pdu = snmp_pdu_create((st == SNMP_CMD_GET) ? SNMP_MSG_GET : SNMP_MSG_GETNEXT);
 			name_length = MAX_OID_LEN;
 			if (!snmp_parse_oid(objid, name, &name_length)) {
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid object identifier: %s", objid);
 				snmp_close(ss);
 				RETURN_FALSE;
 			}
+			pdu = snmp_pdu_create((st == SNMP_CMD_GET) ? SNMP_MSG_GET : SNMP_MSG_GETNEXT);
 			snmp_add_null_var(pdu, name, name_length);
 		} else if (st == SNMP_CMD_SET) {
 			pdu = snmp_pdu_create(SNMP_MSG_SET);
@@ -434,6 +434,7 @@ static void php_snmp_internal(INTERNAL_FUNCTION_PARAMETERS, int st,
 				sprint_objid(buf, name, name_length);
 #endif
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not add variable: %s %c %s", buf, type, value);
+				snmp_free_pdu(pdu);
 				snmp_close(ss);
 				RETURN_FALSE;
 			}
@@ -467,11 +468,13 @@ retry:
 						*return_value = *snmpval;
 						zval_copy_ctor(return_value);
 						zval_ptr_dtor(&snmpval);
+						snmp_free_pdu(response);
 						snmp_close(ss);
 						return;
 					} else if (st == SNMP_CMD_GETNEXT) {
 						*return_value = *snmpval;
 						zval_copy_ctor(return_value);
+						snmp_free_pdu(response);
 						snmp_close(ss);
 						return;
 					} else if (st == SNMP_CMD_WALK) {
@@ -510,23 +513,28 @@ retry:
 					}
 					if (st == SNMP_CMD_GET) {
 						if ((pdu = snmp_fix_pdu(response, SNMP_MSG_GET)) != NULL) {
+							snmp_free_pdu(response);
 							goto retry;
 						}
 					} else if (st == SNMP_CMD_SET) {
 						if ((pdu = snmp_fix_pdu(response, SNMP_MSG_SET)) != NULL) {
+							snmp_free_pdu(response);
 							goto retry;
 						}
 					} else if (st == SNMP_CMD_GETNEXT) {
 						if ((pdu = snmp_fix_pdu(response, SNMP_MSG_GETNEXT)) != NULL) {
+							snmp_free_pdu(response);
 							goto retry;
 						}
 					} else if (st >= SNMP_CMD_WALK) { /* Here we do walks. */
 						if ((pdu = snmp_fix_pdu(response, ((session->version == SNMP_VERSION_1)
 										? SNMP_MSG_GETNEXT
 										: SNMP_MSG_GETBULK))) != NULL) {
+							snmp_free_pdu(response);
 							goto retry;
 						}
 					}
+					snmp_free_pdu(response);
 					snmp_close(ss);
 					if (st == SNMP_CMD_WALK || st == SNMP_CMD_REALWALK) {
 						zval_dtor(return_value);
-- 
2.50.1