[libvirt] Power Hypervisor: Fix potential segfault and memleak in phypOpen

Matthias Bolte matthias.bolte at googlemail.com
Thu Aug 20 11:07:37 UTC 2009


2009/8/20 Chris Lalancette <clalance at redhat.com>:
> Matthias Bolte wrote:
>> Hi,
>>
>> I came across this line in the phypOpen function:
>>
>> char string[strlen(conn->uri->path)];
>>
>> Here the path part of the given URI is used without checking it for
>> NULL, this can cause a segfault as strlen expects a string != NULL.
>> Besides that, uuid_db and connection_data leak in case of an error.
>>
>> In this line
>>
>> conn->uri->path = string;
>>
>> the original path of the URI leaks. The patch adds a VIR_FREE call
>> before setting the new path.
>>
>> The attached patch is compile-tested but I don't have a Power
>> Hypervisor installation at hand to test it for real.
>
> I've now committed this patch (with some slight munging to get it to apply to
> recent libvirt.git).
>
> Thanks,
> --
> Chris Lalancette
>

Well, you should have applied version 2 of this patch, because version
1 was invalidated by changes to escape_specialcharacters(). It now
takes a length argument, but string isn't an array anymore (but a char
pointer), so sizeof(string) no longer does the right thing:

escape_specialcharacters(conn->uri->path, string, sizeof(string))

I attached patch version 2 again.

Matthias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phyp_fix_segfault_and_memleak_in_phypOpen_v2.patch
Type: text/x-diff
Size: 2644 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090820/e2f5ef73/attachment-0001.bin>
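
The sizeof-on-a-pointer problem and the missing NULL check discussed in this thread, shown as an added example; this is not code from libvirt or from the attached patch. escape_copy(), its set of dropped characters, both escape_path_* functions and the sample path are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a (src, dst, dstlen) escaping helper: copies src
 * into dst, dropping a few shell metacharacters, and never writes more than
 * dstlen bytes including the terminating NUL. Returns 0, or -1 on bad input. */
static int escape_copy(const char *src, char *dst, size_t dstlen)
{
    size_t j = 0;
    if (src == NULL || dst == NULL || dstlen == 0)
        return -1;
    for (size_t i = 0; src[i] != '\0' && j + 1 < dstlen; i++)
        if (strchr(";&|`$<>", src[i]) == NULL)
            dst[j++] = src[i];
    dst[j] = '\0';
    return 0;
}

/* Defect: buf is a char pointer, so sizeof(buf) is the size of the pointer
 * (typically 4 or 8), not of the allocation; the copy is silently cut short. */
char *escape_path_sizeof_bug(const char *path)
{
    char *buf = path ? malloc(strlen(path) + 1) : NULL;
    if (buf != NULL)
        escape_copy(path, buf, sizeof(buf));   /* wrong length */
    return buf;
}

/* Corrected: path is checked for NULL before strlen, and the allocation
 * length is kept in a variable and passed on explicitly. */
char *escape_path_fixed(const char *path)
{
    size_t len = path ? strlen(path) + 1 : 0;
    char *buf = len ? malloc(len) : NULL;
    if (buf != NULL)
        escape_copy(path, buf, len);
    return buf;
}

int main(void)
{
    const char *path = "/managed-system/lpar01";   /* constructed sample */
    char *bad = escape_path_sizeof_bug(path), *good = escape_path_fixed(path);
    printf("sizeof bug: \"%s\"\nfixed:      \"%s\"\n", bad ? bad : "", good ? good : "");
    free(bad);
    free(good);
    return 0;
}
```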

