[libvirt] Power Hypervisor: Fix potential segfault and memleak in phypOpen

Matthias Bolte matthias.bolte at googlemail.com
Sun Aug 16 09:53:13 UTC 2009


2009/8/14 Eduardo Otubo <otubo at linux.vnet.ibm.com>:
> On Fri, 2009-08-07 at 15:35 +0200, Chris Lalancette wrote:
>> Matthias Bolte wrote:
>> > Hi,
>> >
>> > I came across this line in the phypOpen function:
>> >
>> > char string[strlen(conn->uri->path)];
>> >
>> > Here the path part of the given URI is used without checking it for
>> > NULL; this can cause a segfault, as strlen expects a string != NULL.
>>
>> Heh, it's worse than that; there is a check later on for !conn || !conn->uri, so
>> you are potentially de-referencing a NULL pointer.
>>
>> > Besides that, uuid_db and connection_data leak in case of an error.
>> >
>> > In this line
>> >
>> > conn->uri->path = string;
>> >
>> > the original path of the URI leaks. The patch adds a VIR_FREE call
>> > before setting the new path.
>> >
>> > The attached patch is compile-tested but I don't have a Power
>> > Hypervisor installation at hand to test it for real.
>>
>> I also don't have a Power Hypervisor, but it looks sane enough to me.  I'll say
>> ACK, but it's probably a good idea to get someone who has Power to test it
>> before you commit.
>>
>
> I tested with some Power machines I have over here and it is ACK for me.
>
> []'s
>

A change to escape_specialcharacters() affects this patch, so I
attached a v2 of it. The only change to the first patch is the caching
of strlen(conn->uri->path) + 1 to use it for VIR_ALLOC_N() and
escape_specialcharacters().

Matthias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phyp_fix_segfault_and_memleak_in_phypOpen_v2.patch
Type: text/x-patch
Size: 2644 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090816/70c0c685/attachment-0001.bin>
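
The pattern discussed in this thread, as an added example that is not part of the original message or the attached patch: an open routine that checks the pointers before dereferencing them, caches strlen(path) + 1 for both the allocation and the escaping call, releases its buffer on the error path, and frees the old path before replacing it. The struct types, open_fixed() and escape_path() are hypothetical stand-ins, calloc()/free() are used in place of libvirt's VIR_ALLOC_N()/VIR_FREE(), and the original path is assumed to be heap-allocated.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the connection and URI objects (not libvirt's types). */
struct uri { char *path; };
struct conn { struct uri *uri; };

/* Hypothetical escaper (not libvirt's escape_specialcharacters()): copies src
 * into dst, whose capacity is len bytes including the NUL, and drops every
 * character outside [A-Za-z0-9/_.-]. Returns -1 if dst is too small. */
static int escape_path(const char *src, char *dst, size_t len)
{
    size_t j = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        if (!isalnum((unsigned char)src[i]) && !strchr("/_.-", src[i]))
            continue;
        if (j + 1 >= len)
            return -1;
        dst[j++] = src[i];
    }
    dst[j] = '\0';
    return 0;
}

/* Returns 0 on success; on failure returns -1 and leaves conn untouched. */
int open_fixed(struct conn *conn)
{
    /* Check every pointer before the first dereference, path included. */
    if (!conn || !conn->uri || !conn->uri->path)
        return -1;

    /* Cache the size once and use it for the allocation and the escaper. */
    size_t len = strlen(conn->uri->path) + 1;
    char *escaped = calloc(len, 1);   /* heap buffer, zero-initialised */
    if (!escaped)
        return -1;

    if (escape_path(conn->uri->path, escaped, len) < 0) {
        free(escaped);                /* error path releases what it allocated */
        return -1;
    }

    free(conn->uri->path);            /* release the original path first */
    conn->uri->path = escaped;
    return 0;
}
```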

