shm sub BUGFIX safe xpath collect

Pointers to ext SHM are not safe.

Author: michalvasko

src/modinfo.c

@@ -754,7 +754,7 @@ sr_modinfo_oper_notify_diff(struct sr_mod_info_s *mod_info, struct lyd_node **ol
     struct sr_mod_info_mod_s *mod;
     struct lyd_node *new_mod_data = NULL, *old_mod_data = NULL, *diff;
     uint32_t i;
-    const char **xpaths = NULL;
+    char **xpaths = NULL;
 
     assert(!mod_info->notify_diff && !mod_info->data_cached);
 
@@ -782,7 +782,7 @@ sr_modinfo_oper_notify_diff(struct sr_mod_info_s *mod_info, struct lyd_node **ol
             xpaths = NULL;
 
             /* merge also any stored data used in change subscription xpath filters so they can be correctly evaluated */
-            if ((err_info = sr_shmsub_change_collect_xpath(mod_info->conn, mod->shm_mod, SR_DS_OPERATIONAL, &xpaths))) {
+            if ((err_info = sr_shmsub_change_xpath_collect(mod_info->conn, mod->shm_mod, SR_DS_OPERATIONAL, &xpaths))) {
                 goto cleanup;
             }
             if ((err_info = sr_xpath_merge_pred_diff(new_mod_data, (const char **)xpaths, &mod_info->notify_diff))) {
@@ -804,7 +804,7 @@ sr_modinfo_oper_notify_diff(struct sr_mod_info_s *mod_info, struct lyd_node **ol
 cleanup:
     lyd_free_all(new_mod_data);
     lyd_free_all(old_mod_data);
-    free(xpaths);
+    sr_shmsub_change_xpath_free(xpaths);
     return err_info;
 }
 
@@ -3494,23 +3494,23 @@ sr_error_info_t *
 sr_modinfo_change_diff_merge_pred_data(struct sr_mod_info_s *mod_info)
 {
     sr_error_info_t *err_info = NULL;
-    const char **xpaths = NULL;
+    char **xpaths = NULL;
     uint32_t i;
 
     /* collect all the xpaths of the subscriptions */
     for (i = 0; i < mod_info->mod_count; ++i) {
-        if ((err_info = sr_shmsub_change_collect_xpath(mod_info->conn, mod_info->mods[i].shm_mod, mod_info->ds, &xpaths))) {
+        if ((err_info = sr_shmsub_change_xpath_collect(mod_info->conn, mod_info->mods[i].shm_mod, mod_info->ds, &xpaths))) {
             goto cleanup;
         }
     }
 
     /* merge all the required data into the diff */
-    if ((err_info = sr_xpath_merge_pred_diff(mod_info->data, xpaths, &mod_info->notify_diff))) {
+    if ((err_info = sr_xpath_merge_pred_diff(mod_info->data, (const char **)xpaths, &mod_info->notify_diff))) {
         goto cleanup;
     }
 
 cleanup:
-    free(xpaths);
+    sr_shmsub_change_xpath_free(xpaths);
     return err_info;
 }
 

src/shm_sub.c

@@ -2209,7 +2209,7 @@ sr_shmsub_change_notify_change_abort(struct sr_mod_info_s *mod_info, const char
 }
 
 sr_error_info_t *
-sr_shmsub_change_collect_xpath(sr_conn_ctx_t *conn, sr_mod_t *shm_mod, sr_datastore_t ds, const char ***xpaths)
+sr_shmsub_change_xpath_collect(sr_conn_ctx_t *conn, sr_mod_t *shm_mod, sr_datastore_t ds, char ***xpaths)
 {
     sr_error_info_t *err_info = NULL;
     sr_mod_change_sub_t *shm_sub;
@@ -2240,7 +2240,9 @@ sr_shmsub_change_collect_xpath(sr_conn_ctx_t *conn, sr_mod_t *shm_mod, sr_datast
         /* add the xpath */
         *xpaths = sr_realloc(*xpaths, (xpath_count + 2) * sizeof **xpaths);
         SR_CHECK_MEM_GOTO(!*xpaths, err_info, cleanup);
-        (*xpaths)[xpath_count++] = conn->ext_shm.addr + shm_sub[i].xpath;
+        (*xpaths)[xpath_count] = strdup(conn->ext_shm.addr + shm_sub[i].xpath);
+        SR_CHECK_MEM_GOTO(!(*xpaths)[xpath_count], err_info, cleanup);
+        xpath_count++;
         (*xpaths)[xpath_count] = NULL;
     }
 
@@ -2251,6 +2253,21 @@ sr_shmsub_change_collect_xpath(sr_conn_ctx_t *conn, sr_mod_t *shm_mod, sr_datast
     return err_info;
 }
 
+void
+sr_shmsub_change_xpath_free(char **xpaths)
+{
+    uint32_t i;
+
+    if (!xpaths) {
+        return;
+    }
+
+    for (i = 0; xpaths[i]; ++i) {
+        free(xpaths[i]);
+    }
+    free(xpaths);
+}
+
 sr_error_info_t *
 sr_shmsub_oper_get_notify(struct sr_mod_info_mod_s *mod, const char *xpath, const char *request_xpath,
         const struct lyd_node *parent, const char *orig_name, const void *orig_data, uint32_t operation_id,

src/shm_sub.h

@@ -170,8 +170,15 @@ sr_error_info_t *sr_shmsub_change_notify_change_abort(struct sr_mod_info_s *mod_
  * @param[in,out] xpaths Array of XPaths terminated by NULL to add to.
  * @return err_info, NULL on success.
  */
-sr_error_info_t *sr_shmsub_change_collect_xpath(sr_conn_ctx_t *conn, sr_mod_t *shm_mod, sr_datastore_t ds,
-        const char ***xpaths);
+sr_error_info_t *sr_shmsub_change_xpath_collect(sr_conn_ctx_t *conn, sr_mod_t *shm_mod, sr_datastore_t ds,
+        char ***xpaths);
+
+/**
+ * @brief Free collected XPath filters of module change subscriptions.
+ *
+ * @param[in] xpaths XPaths array to free.
+ */
+void sr_shmsub_change_xpath_free(char **xpaths);
 
 /**
  * @brief Notify about (generate) an operational get event.