[libvirt] [PATCH] Fix possible NULL dereference in driver
Michal Prívozník
mprivozn at redhat.com
Thu Apr 14 11:54:31 UTC 2011
On 04/14/2011 01:49 PM, Michal Privoznik wrote:
> If brSetForwardDelay() fails, we go to err1 where we want to access
> macTapIfName variable which was just VIR_FREE'd a few lines above.
> ---
> src/network/bridge_driver.c | 5 +++--
> 1 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> index ea2bfd4..abde150 100644
> --- a/src/network/bridge_driver.c
> +++ b/src/network/bridge_driver.c
> @@ -1616,7 +1616,7 @@ networkStartNetworkDaemon(struct network_driver *driver,
> bool v4present = false, v6present = false;
> virErrorPtr save_err = NULL;
> virNetworkIpDefPtr ipdef;
> - char *macTapIfName;
> + char *macTapIfName = NULL;
>
> if (virNetworkObjIsActive(network)) {
> networkReportError(VIR_ERR_OPERATION_INVALID,
> @@ -1657,7 +1657,6 @@ networkStartNetworkDaemon(struct network_driver *driver,
> VIR_FREE(macTapIfName);
> goto err0;
> }
> - VIR_FREE(macTapIfName);
> }
>
> /* Set bridge options */
> @@ -1687,6 +1686,8 @@ networkStartNetworkDaemon(struct network_driver *driver,
> if (networkAddIptablesRules(driver, network)< 0)
> goto err1;
>
> + VIR_FREE(macTapIfName);
> +
> for (ii = 0;
> (ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii));
> ii++) {
self NAK. leaked macTapIfName;
More information about the libvir-list
mailing list