[libvirt] [PATCH] remote: Don't leak gnutls session on negotiation error

--- Found while trying to reproduce another reported memory leak in doRemoteOpen. This leaked 10kb per failing call to negotiate_gnutls_on_connection. src/remote/remote_driver.c | 28 +++++++++++++++++++--------- 1 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index b05bbcb..0915548 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1331,8 +1331,9 @@ negotiate_gnutls_on_connection (virConnectPtr conn, GNUTLS_CRT_OPENPGP, 0 }; + bool success = false; int err; - gnutls_session_t session; + gnutls_session_t session = NULL; /* Initialize TLS session */ @@ -1341,7 +1342,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn, remoteError(VIR_ERR_GNUTLS_ERROR, _("unable to initialize TLS client: %s"), gnutls_strerror (err)); - return NULL; + goto cleanup; } /* Use default priorities */ @@ -1350,7 +1351,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn, remoteError(VIR_ERR_GNUTLS_ERROR, _("unable to set TLS algorithm priority: %s"), gnutls_strerror (err)); - return NULL; + goto cleanup; } err = gnutls_certificate_type_set_priority (session, @@ -1359,7 +1360,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn, remoteError(VIR_ERR_GNUTLS_ERROR, _("unable to set certificate priority: %s"), gnutls_strerror (err)); - return NULL; + goto cleanup; } /* put the x509 credentials to the current session @@ -1369,7 +1370,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn, remoteError(VIR_ERR_GNUTLS_ERROR, _("unable to set session credentials: %s"), gnutls_strerror (err)); - return NULL; + goto cleanup; } gnutls_transport_set_ptr (session, @@ -1391,13 +1392,14 @@ negotiate_gnutls_on_connection (virConnectPtr conn, remoteError(VIR_ERR_GNUTLS_ERROR, _("unable to complete TLS handshake: %s"), gnutls_strerror (err)); - return NULL; + goto cleanup; } /* Verify certificate. */ if (verify_certificate (conn, priv, session) == -1) { VIR_DEBUG0("failed to verify peer's certificate"); - if (!no_verify) return NULL; + if (!no_verify) + goto cleanup; } /* At this point, the server is verifying _our_ certificate, IP address, @@ -1413,13 +1415,13 @@ negotiate_gnutls_on_connection (virConnectPtr conn, remoteError(VIR_ERR_GNUTLS_ERROR, _("unable to complete TLS initialization: %s"), gnutls_strerror (len)); - return NULL; + goto cleanup; } if (len != 1 || buf[0] != '\1') { remoteError(VIR_ERR_RPC, "%s", _("server verification (of our certificate or IP " "address) failed")); - return NULL; + goto cleanup; } #if 0 @@ -1427,6 +1429,14 @@ negotiate_gnutls_on_connection (virConnectPtr conn, print_info (session); #endif + success = true; + +cleanup: + if (!success) { + gnutls_deinit(session); + session = NULL; + } + return session; } -- 1.7.0.4