[libvirt] [PATCH v3 2/3] conf: add check if migration_host is a localhost address

Wed Oct 15 09:02:46 UTC 2014

On Wed, 2014-10-15 at 04:46 -0400, John Ferlan wrote: 
> This patch has triggered a Coverity RESOURCE_LEAK (3 actually)
Right, I will make a patch to fix it.

Thank you for catching that.

> 
> On 10/08/2014 09:54 PM, Chen, Fan wrote:
> > On Wed, 2014-10-08 at 12:33 +0200, Ján Tomko wrote: 
> >> On 10/07/2014 06:07 AM, Chen Fan wrote:
> >>>  Signed-off-by: Chen Fan <chen.fan.fnst at cn.fujitsu.com>
> >> diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c
> >> index 6d36689..a19e3af 100644
> >> --- a/src/util/virsocketaddr.c
> >> +++ b/src/util/virsocketaddr.c
> >> @@ -889,15 +889,24 @@ virSocketAddrNumericFamily(const char *address)
> >>   *          false otherwise
> >>   */
> >>  bool
> >> -virSocketAddrIsNumericLocalhost(const virSocketAddr *addr)
> >> +virSocketAddrIsNumericLocalhost(const char *addr)
> >>  {
> >> +    struct addrinfo *res;
> >>      struct in_addr tmp = { .s_addr = htonl(INADDR_LOOPBACK) };
> >> -    switch (addr->data.stor.ss_family) {
> >> +    struct sockaddr_in *inet4;
> >> +    struct sockaddr_in6 *inet6;
> >> +
> >> +    if (virSocketAddrParseInternal(&res, addr, AF_UNSPEC, false) < 0)
> >> +        return false;
> >> +
> 
> 'res' allocates something that must be free'd
> 
> 
> >> +    switch (res->ai_addr->sa_family) {
> >>      case AF_INET:
> >> -        return memcmp(&addr->data.inet4.sin_addr.s_addr, &tmp.s_addr,
> >> -                      sizeof(addr->data.inet4.sin_addr.s_addr)) == 0;
> >> +        inet4 = (struct sockaddr_in*) res->ai_addr;
> 
> Leak #1
> 
> >> +        return memcmp(&inet4->sin_addr.s_addr, &tmp.s_addr,
> >> +                      sizeof(inet4->sin_addr.s_addr)) == 0;
> >>      case AF_INET6:
> >> -        return IN6_IS_ADDR_LOOPBACK(&addr->data.inet6.sin6_addr);
> >> +        inet6 = (struct sockaddr_in6*) res->ai_addr;
> 
> Leak #2
> 
> >> +        return IN6_IS_ADDR_LOOPBACK(&(inet6->sin6_addr));
> >>      }
> 
> Leak #3
> >>      return false;
> >>
> 
> Other callers will call 'freeaddrinfo(res);'

> 
> In order to resolve - you probably need to create a local ret = false,
> then assign ret = to either memcmp/IN6_IS_ADDR_LOOPBACK return, then
> call freeaddrinfo() before return ret
> 
> John