2009/8/20 Chris Lalancette <clalance(a)redhat.com>:
Matthias Bolte wrote:
> Hi,
>
> I came across this line in the phypOpen function:
>
> char string[strlen(conn->uri->path)];
>
> Here the path part of the given URI is used without checking it for
> NULL, this can cause a segfault as strlen expects a string != NULL.
> Besides that, uuid_db and connection_data leak in case of an error.
>
> In this line
>
> conn->uri->path = string;
>
> the original path of the URI leaks. The patch adds a VIR_FREE call
> before setting the new path.
>
> The attached patch is compile-tested but I don't have a Power
> Hypervisor installation at hand to test it for real.
I've now committed this patch (with some slight munging to get it to apply to
recent libvirt.git).
Thanks,
--
Chris Lalancette
Well, you should have applied version 2 of this patch, because version
1 was invalidated by changes to escape_specialcharacters(). It now
takes a length argument, but string isn't an array anymore (but a char
pointer), so sizeof(string) no longer does the right thing:

    escape_specialcharacters(conn->uri->path, string, sizeof(string))

I attached patch version 2 again.
Matthias
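
The two defects discussed in this thread (strlen() on an unchecked path, and sizeof applied to a char pointer as a length argument), shown as an added example that is not part of the original messages or of libvirt. The names copy_escaped, sanitize_path_buggy and sanitize_path_fixed are hypothetical stand-ins, and the sample path is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-bounded escape routine (not libvirt's
 * code): copies src to dst without shell metacharacters, writing at most
 * dstlen bytes including the NUL. Returns 0, or -1 on bad arguments. */
static int copy_escaped(const char *src, char *dst, size_t dstlen)
{
    size_t j = 0;
    if (src == NULL || dst == NULL || dstlen == 0)
        return -1;
    for (size_t i = 0; src[i] != '\0' && j + 1 < dstlen; i++)
        if (strchr(";&|`$<>", src[i]) == NULL)
            dst[j++] = src[i];
    dst[j] = '\0';
    return 0;
}

/* Buggy: dst is a pointer, so sizeof(dst) is the pointer size (4 or 8),
 * not the allocation size; the output is silently truncated. */
static char *sanitize_path_buggy(const char *path)
{
    char *dst = path ? malloc(strlen(path) + 1) : NULL;
    if (dst != NULL)
        copy_escaped(path, dst, sizeof(dst));
    return dst;
}

/* Fixed: NULL is rejected before strlen(), and the tracked allocation
 * length is passed instead of sizeof on a pointer. */
static char *sanitize_path_fixed(const char *path)
{
    if (path == NULL)
        return NULL;
    size_t len = strlen(path) + 1;
    char *dst = malloc(len);
    if (dst != NULL)
        copy_escaped(path, dst, len);
    return dst;
}

int main(void)
{
    const char *path = "/hmc_managed_system;x"; /* constructed sample */
    char *b = sanitize_path_buggy(path), *f = sanitize_path_fixed(path);
    printf("buggy: %s\nfixed: %s\n", b ? b : "(null)", f ? f : "(null)");
    free(b); free(f);
}
```

When the buffer was a true array, sizeof gave its full size; once it became a heap pointer the same expression compiles cleanly but yields only the pointer width, which is why the length has to be carried alongside the allocation.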