Re: [Libvirt-cim] [PATCH] acl_parsing: Fixing potential leaks

# HG changeset patch # User Eduardo Lima (Etrunko)&lt;eblima(a)br.ibm.com&gt; # Date 1313005735 10800 # Node ID 2b1b79a72ab0288d649399118dffce26fd05e066 # Parent 8759e60c17c42101118f914215d071138340c70f acl_parsing: Fixing potential leaks Also adds missing checks for errors in some function calls. As reported in https://bugzilla.redhat.com/show_bug.cgi?id=728245 line 144 - Function cleanup_filter does not free its parameter filter (this causes a lot of Coverity Resource leak warnings). line 397 - Dynamically allocated variable rule is not freed in function parse_acl_filter as a result of line #399. line 630 - Function "malloc" without NULL check. line 659 - Function "malloc" without NULL check. Signed-off-by: Eduardo Lima (Etrunko)&lt;eblima(a)br.ibm.com&gt; diff --git a/libxkutil/acl_parsing.c b/libxkutil/acl_parsing.c --- a/libxkutil/acl_parsing.c +++ b/libxkutil/acl_parsing.c @@ -139,6 +139,7 @@ }; rule->type = UNKNOWN_RULE; + free(rule); } void cleanup_filter(struct acl_filter *filter) @@ -152,10 +153,8 @@ free(filter->name); free(filter->chain); - for (i = 0; i< filter->rule_ct; i++) { + for (i = 0; i< filter->rule_ct; i++) cleanup_rule(filter->rules[i]); - free(filter->rules[i]); - } free(filter->rules); filter->rule_ct = 0; @@ -401,14 +400,16 @@ if (parse_acl_rule(child, rule) == 0) goto err; - append_filter_rule(filter, rule); + if (append_filter_rule(filter, rule) == 0) + goto err; } else if (XSTREQ(child->name, "filterref")) { filter_ref = get_attr_value(child, "filter"); if (filter_ref == NULL) goto err; - append_filter_ref(filter, filter_ref); + if (append_filter_ref(filter, filter_ref) == 0) + goto err; } } @@ -440,14 +441,15 @@ if (xmldoc == NULL) goto err; - *filter = malloc(sizeof(**filter)); + *filter = calloc(1, sizeof(**filter)); if (*filter == NULL) goto err; - memset(*filter, 0, sizeof(**filter)); - parse_acl_filter(xmldoc->children, *filter); - - ret = 1; + ret = parse_acl_filter(xmldoc->children, *filter); + if (ret == 0) { + free(*filter); + *filter = NULL; + } err: xmlSetGenericErrorFunc(NULL, NULL); @@ -508,9 +510,7 @@ if (xml == NULL) return 0; - get_filter_from_xml(xml, filter); - - return 1; + return get_filter_from_xml(xml, filter); #else return 0; #endif @@ -534,7 +534,8 @@ virConnectListNWFilters(conn, names, count); - filters = malloc(count * sizeof(struct acl_filter)); + filters = calloc(count, sizeof(*filters)); + if (filters == NULL) goto err; @@ -542,7 +543,8 @@ { struct acl_filter *filter = NULL; - get_filter_by_name(conn, names[i],&filter); + if (get_filter_by_name(conn, names[i],&filter) == 0) + break; memcpy(&filters[i], filter, sizeof(*filter)); } @@ -630,6 +632,12 @@ filter->rules = malloc((filter->rule_ct + 1) * sizeof(struct acl_rule *)); + if (filter->rules == NULL) { + CU_DEBUG("Failed to allocate memory for new rule"); + filter->rules = old_rules; + return 0; + } + memcpy(filter->rules, old_rules, filter->rule_ct * sizeof(struct acl_rule *)); @@ -657,6 +665,13 @@ old_refs = filter->refs; filter->refs = malloc((filter->ref_ct + 1) * sizeof(char *)); + + if (filter->refs == NULL) { + CU_DEBUG("Failed to allocate memory for new ref"); + filter->refs = old_refs; + return 0; + } + memcpy(filter->refs, old_refs, filter->ref_ct * sizeof(char *)); filter->refs[filter->ref_ct] = name; @@ -682,8 +697,9 @@ if (STREQC(old_refs[i], name)) { free(old_refs[i]); } - else - append_filter_ref(filter, old_refs[i]); + else if(append_filter_ref(filter, old_refs[i]) == 0) { + return 0; + } } return 1; _______________________________________________ Libvirt-cim mailing list Libvirt-cim(a)redhat.com https://www.redhat.com/mailman/listinfo/libvirt-cim