[libvirt] [PATCH] qemu: Avoid use after free in qemuCaps parsing

---
 src/qemu/qemu_domain.c | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 46414cd..332c09e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -264,12 +264,13 @@ static int qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, void *data)
 char *str = virXMLPropString(nodes[i], "name");
 if (str) {
 int flag = qemuCapsTypeFromString(str);
- VIR_FREE(str);
 if (flag < 0) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown qemu capabilities flag %s"), str);
+ VIR_FREE(str);
 goto error;
 }
+ VIR_FREE(str);
 qemuCapsSet(qemuCaps, flag);
 }
 }
-- 1.7.5.3
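Review bot: The lifetime of `str` in the `flag < 0` branch now depends on statement order that nothing in the code explains: the string is still read by the `%s` in `qemuReportError()` and is only released on the next line, with a second `VIR_FREE(str)` on the success path. A short comment above the report, `/* str is still read by the error message; free it only afterwards */`, would keep a later cleanup from merging the two frees back above the check. The name comes from `virXMLPropString(nodes[i], "name")`, so the bytes that were being formatted after the free depend on whatever the parsed XML holds; a test that feeds an unknown flag name under a memory checker would pin this path. qemuDomainObjPrivateXMLParse starts and ends outside the hunk, so whether the `error` label could own the free instead cannot be judged from here.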

On Fri, Jun 03, 2011 at 04:34:30PM +0200, Jiri Denemark wrote:
---
 src/qemu/qemu_domain.c | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 46414cd..332c09e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -264,12 +264,13 @@ static int qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, void *data)
 char *str = virXMLPropString(nodes[i], "name");
 if (str) {
 int flag = qemuCapsTypeFromString(str);
- VIR_FREE(str);
 if (flag < 0) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown qemu capabilities flag %s"), str);
+ VIR_FREE(str);
 goto error;
 }
+ VIR_FREE(str);
 qemuCapsSet(qemuCaps, flag);
 }
 }
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On Fri, Jun 03, 2011 at 15:41:53 +0100, Daniel P. Berrange wrote:
On Fri, Jun 03, 2011 at 04:34:30PM +0200, Jiri Denemark wrote:
---
 src/qemu/qemu_domain.c | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 46414cd..332c09e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -264,12 +264,13 @@ static int qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, void *data)
 char *str = virXMLPropString(nodes[i], "name");
 if (str) {
 int flag = qemuCapsTypeFromString(str);
- VIR_FREE(str);
 if (flag < 0) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown qemu capabilities flag %s"), str);
+ VIR_FREE(str);
 goto error;
 }
+ VIR_FREE(str);
 qemuCapsSet(qemuCaps, flag);
 }
 }
ACK
Pushed, thanks. Jirka

On 03.06.2011 16:34, Jiri Denemark wrote:
---
 src/qemu/qemu_domain.c | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 46414cd..332c09e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -264,12 +264,13 @@ static int qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, void *data)
 char *str = virXMLPropString(nodes[i], "name");
 if (str) {
 int flag = qemuCapsTypeFromString(str);
- VIR_FREE(str);
 if (flag < 0) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown qemu capabilities flag %s"), str);
+ VIR_FREE(str);
 goto error;
 }
+ VIR_FREE(str);
 qemuCapsSet(qemuCaps, flag);
 }
 }
Ouch, I wonder how many of mistakes like this left.
ACK Michal