[libvirt] [PATCH v2] Fix potential NULL dereference in remoteDomainMigratePrepare2
Eric Blake
eblake at redhat.com
Thu May 13 14:08:57 UTC 2010
On 05/13/2010 02:05 AM, Jiri Denemark wrote:
> ---
> src/remote/remote_driver.c | 19 ++++++++++++++++++-
> 1 files changed, 18 insertions(+), 1 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 990bfce..80977a3 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -2849,17 +2849,34 @@ remoteDomainMigratePrepare2 (virConnectPtr dconn,
> goto done;
>
> if (ret.cookie.cookie_len > 0) {
> + if (!cookie || !cookielen) {
> + remoteError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("caller ignores cookie or cookielen"));
For a moment, I wondered if VIR_ERR_INVALID_ARG would be any better
here, but decided you probably did the right thing since this is
implementation rather than a direct public API.
> + goto error;
> + }
> *cookie = ret.cookie.cookie_val; /* Caller frees. */
> *cookielen = ret.cookie.cookie_len;
> }
> - if (ret.uri_out)
> + if (ret.uri_out) {
> + if (!uri_out) {
> + remoteError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("caller ignores uri_out"));
> + goto error;
> + }
> *uri_out = *ret.uri_out; /* Caller frees. */
> + }
>
> rv = 0;
>
> done:
> remoteDriverUnlock(priv);
> return rv;
> +error:
> + if (ret.cookie.cookie_len)
> + VIR_FREE(ret.cookie.cookie_val);
> + if (ret.uri_out)
> + VIR_FREE(*ret.uri_out);
> + goto done;
> }
ACK; looks nicer than v1 for diagnosing a logic bug in the caller,
rather than papering over it.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100513/42e78cff/attachment-0001.sig>
More information about the libvir-list
mailing list