[libvirt] [PATCH] Fix possible NULL dereference in driver

Thu Apr 14 11:49:29 UTC 2011

If brSetForwardDelay() fails, we go to err1 where we want to access
macTapIfName variable which was just VIR_FREE'd a few lines above.
---
 src/network/bridge_driver.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index ea2bfd4..abde150 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1616,7 +1616,7 @@ networkStartNetworkDaemon(struct network_driver *driver,
     bool v4present = false, v6present = false;
     virErrorPtr save_err = NULL;
     virNetworkIpDefPtr ipdef;
-    char *macTapIfName;
+    char *macTapIfName = NULL;
 
     if (virNetworkObjIsActive(network)) {
         networkReportError(VIR_ERR_OPERATION_INVALID,
@@ -1657,7 +1657,6 @@ networkStartNetworkDaemon(struct network_driver *driver,
             VIR_FREE(macTapIfName);
             goto err0;
         }
-        VIR_FREE(macTapIfName);
     }
 
     /* Set bridge options */
@@ -1687,6 +1686,8 @@ networkStartNetworkDaemon(struct network_driver *driver,
     if (networkAddIptablesRules(driver, network) < 0)
         goto err1;
 
+    VIR_FREE(macTapIfName);
+
     for (ii = 0;
          (ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii));
          ii++) {
-- 
1.7.4.2


