[PATCH] Detect heap allocation failure; factor out some duplication.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I spotted a few unchecked heap allocations (strdup, malloc, calloc)
in qemud.c and have fixed it so such failure evokes a proper diagnostic
rather than e.g., a segfault.

I've also arranged to free some of the memory upon failure,
but not all (see comments for why).

In spite of those additions, this patch factors out enough
duplication that the net change is to remove a few lines from the
file.  Although in general I prefer to factor things out into
separate functions, in this case, it seemed better to use macros.

Wed Nov 28 14:16:17 CET 2007 Jim Meyering <meyering@xxxxxxxxxx>

	Detect heap allocation failure; factor out some duplication.
	* qemud/qemud.c (mdns_name, tls_allowed_ip_list, tls_allowed_dn_list):
	  Remove "const", now that we free these.
	  (remoteCheckDN, remoteCheckAccess): Adapt to const removal.
	  (qemudDispatchServer): Check for heap allocation failure.
	  CHECK_TYPE, GET_CONF_INT, GET_CONF_STR, GET_CONF_STR_LIST):
	  New and changed macros.

Signed-off-by: Jim Meyering <meyering@xxxxxxxxxx>
---
 qemud/qemud.c |  247 ++++++++++++++++++++++++++++-----------------------------
 1 files changed, 121 insertions(+), 126 deletions(-)

diff --git a/qemud/qemud.c b/qemud/qemud.c
index 5f76a26..34ab815 100644
--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -79,13 +79,13 @@ static int unix_sock_ro_perms = 0777; /* Allow world */
 
 #ifdef HAVE_AVAHI
 static int mdns_adv = 1;
-static const char *mdns_name = NULL;
+static char *mdns_name = NULL;
 #endif
 
 static int tls_no_verify_certificate = 0;
 static int tls_no_verify_address = 0;
-static const char **tls_allowed_ip_list = 0;
-static const char **tls_allowed_dn_list = 0;
+static char **tls_allowed_ip_list = NULL;
+static char **tls_allowed_dn_list = NULL;
 
 static const char *key_file = LIBVIRT_SERVERKEY;
 static const char *cert_file = LIBVIRT_SERVERCERT;
@@ -840,7 +840,7 @@ remoteCheckDN (gnutls_x509_crt_t cert)
 {
     char name[256];
     size_t namesize = sizeof name;
-    const char **wildcards;
+    char **wildcards;
     int err;
 
     err = gnutls_x509_crt_get_dn (cert, name, &namesize);
@@ -959,7 +959,7 @@ static int
 remoteCheckAccess (struct qemud_client *client)
 {
     char addr[NI_MAXHOST];
-    const char **wildcards;
+    char **wildcards;
     int found, err;
 
     /* Verify client certificate. */
@@ -1044,6 +1044,8 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
     }
 
     client = calloc(1, sizeof(struct qemud_client));
+    if (client == NULL)
+        goto cleanup;
     client->magic = QEMUD_CLIENT_MAGIC;
     client->fd = fd;
     client->readonly = sock->readonly;
@@ -1523,31 +1525,38 @@ remoteReadConfigFile (const char *filename)
 
     virConfValuePtr p;
 
-#define CHECK_TYPE(name,typ) if (p && p->type != (typ)) {               \
-        qemudLog (QEMUD_ERR,                                            \
-                  "remoteReadConfigFile: %s: %s: expected type " #typ "\n", \
-                  filename, (name));                                    \
-        return -1;                                                      \
-    }
-
-    p = virConfGetValue (conf, "listen_tls");
-    CHECK_TYPE ("listen_tls", VIR_CONF_LONG);
-    listen_tls = p ? p->l : listen_tls;
-
-    p = virConfGetValue (conf, "listen_tcp");
-    CHECK_TYPE ("listen_tcp", VIR_CONF_LONG);
-    listen_tcp = p ? p->l : listen_tcp;
-
-    p = virConfGetValue (conf, "tls_port");
-    CHECK_TYPE ("tls_port", VIR_CONF_STRING);
-    tls_port = p ? strdup (p->str) : tls_port;
-
-    p = virConfGetValue (conf, "tcp_port");
-    CHECK_TYPE ("tcp_port", VIR_CONF_STRING);
-    tcp_port = p ? strdup (p->str) : tcp_port;
-
-    p = virConfGetValue (conf, "unix_sock_group");
-    CHECK_TYPE ("unix_sock_group", VIR_CONF_STRING);
+#define CHECK_TYPE(p, filename, conf, var_name, Type)       \
+    do {                                                    \
+        (p) = virConfGetValue ((conf), #Type);              \
+        if ((p) && (p)->type != (Type)) {                   \
+            qemudLog (QEMUD_ERR,                            \
+                      "remoteReadConfigFile: %s: %s:"       \
+                      " expected type " #Type "\n",         \
+                      filename, #var_name);                 \
+            goto free_and_fail;                             \
+        }                                                   \
+    } while (0)
+
+#define GET_CONF_INT(p, filename, conf, var_name)                    \
+    do {                                                             \
+        CHECK_TYPE(p, filename, conf, var_name, VIR_CONF_LONG);      \
+        if (p)                                                       \
+            (var_name) = p->l;                                       \
+    } while (0)
+
+#define GET_CONF_STR(p, filename, conf, var_name)                      \
+    do {                                                               \
+        CHECK_TYPE(p, filename, conf, var_name, VIR_CONF_STRING);      \
+        if (p) {                                                       \
+            if (!((var_name) = strdup ((p)->str)))                     \
+                goto diagnose_alloc_failure_and_fail;                  \
+        }                                                              \
+    } while (0)
+
+    GET_CONF_STR (p, filename, conf, tls_port);
+    GET_CONF_STR (p, filename, conf, tcp_port);
+
+    CHECK_TYPE (p, filename, conf, unix_sock_group, VIR_CONF_STRING);
     if (p && p->str) {
         if (getuid() != 0) {
             qemudLog (QEMUD_WARN, "Cannot set group when not running as root");
@@ -1561,8 +1570,7 @@ remoteReadConfigFile (const char *filename)
         }
     }
 
-    p = virConfGetValue (conf, "unix_sock_ro_perms");
-    CHECK_TYPE ("unix_sock_ro_perms", VIR_CONF_STRING);
+    GET_CONF_INT (p, filename, conf, unix_sock_ro_perms);
     if (p && p->str) {
         if (xstrtol_i(p->str, NULL, 8, &unix_sock_ro_perms) != 0) {
             qemudLog (QEMUD_ERR, "Failed to parse mode '%s'", p->str);
@@ -1570,8 +1578,7 @@ remoteReadConfigFile (const char *filename)
         }
     }
 
-    p = virConfGetValue (conf, "unix_sock_rw_perms");
-    CHECK_TYPE ("unix_sock_rw_perms", VIR_CONF_STRING);
+    GET_CONF_INT (p, filename, conf, unix_sock_rw_perms);
     if (p && p->str) {
         if (xstrtol_i(p->str, NULL, 8, &unix_sock_rw_perms) != 0) {
             qemudLog (QEMUD_ERR, "Failed to parse mode '%s'", p->str);
@@ -1580,107 +1587,95 @@ remoteReadConfigFile (const char *filename)
     }
 
 #ifdef HAVE_AVAHI
-    p = virConfGetValue (conf, "mdns_adv");
-    CHECK_TYPE ("mdns_adv", VIR_CONF_LONG);
-    mdns_adv = p ? p->l : mdns_adv;
-
-    p = virConfGetValue (conf, "mdns_name");
-    CHECK_TYPE ("mdns_name", VIR_CONF_STRING);
-    mdns_name = p ? strdup (p->str) : NULL;
+    GET_CONF_INT (p, filename, conf, mdns_adv);
+    GET_CONF_STR (p, filename, conf, mdns_name);
 #endif
 
-    p = virConfGetValue (conf, "tls_no_verify_certificate");
-    CHECK_TYPE ("tls_no_verify_certificate", VIR_CONF_LONG);
-    tls_no_verify_certificate = p ? p->l : tls_no_verify_certificate;
-
-    p = virConfGetValue (conf, "tls_no_verify_address");
-    CHECK_TYPE ("tls_no_verify_address", VIR_CONF_LONG);
-    tls_no_verify_address = p ? p->l : tls_no_verify_address;
-
-    p = virConfGetValue (conf, "key_file");
-    CHECK_TYPE ("key_file", VIR_CONF_STRING);
-    key_file = p ? strdup (p->str) : key_file;
-
-    p = virConfGetValue (conf, "cert_file");
-    CHECK_TYPE ("cert_file", VIR_CONF_STRING);
-    cert_file = p ? strdup (p->str) : cert_file;
-
-    p = virConfGetValue (conf, "ca_file");
-    CHECK_TYPE ("ca_file", VIR_CONF_STRING);
-    ca_file = p ? strdup (p->str) : ca_file;
-
-    p = virConfGetValue (conf, "crl_file");
-    CHECK_TYPE ("crl_file", VIR_CONF_STRING);
-    crl_file = p ? strdup (p->str) : crl_file;
-
-    p = virConfGetValue (conf, "tls_allowed_dn_list");
-    if (p) {
-        switch (p->type) {
-        case VIR_CONF_STRING:
-            tls_allowed_dn_list = malloc (2 * sizeof (char *));
-            tls_allowed_dn_list[0] = strdup (p->str);
-            tls_allowed_dn_list[1] = 0;
-            break;
+    GET_CONF_INT (p, filename, conf, tls_no_verify_certificate);
+    GET_CONF_INT (p, filename, conf, tls_no_verify_address);
+
+    GET_CONF_STR (p, filename, conf, key_file);
+    GET_CONF_STR (p, filename, conf, cert_file);
+    GET_CONF_STR (p, filename, conf, ca_file);
+    GET_CONF_STR (p, filename, conf, crl_file);
+
+#define GET_CONF_STR_LIST(List_var)                                     \
+    do {                                                                \
+        p = virConfGetValue (conf, #List_var);                          \
+        if (p) {                                                        \
+            switch (p->type) {                                          \
+            case VIR_CONF_STRING:                                       \
+                if (!((List_var) = malloc (2 * sizeof (char *))))       \
+                    goto free_and_fail;                                 \
+                if (!((List_var)[0] = strdup (p->str)))                 \
+                    goto free_and_fail;                                 \
+                (List_var)[1] = NULL;                                   \
+                break;                                                  \
+                                                                        \
+            case VIR_CONF_LIST: {                                       \
+                int i, len = 0;                                         \
+                virConfValuePtr pp;                                     \
+                for (pp = p->list; pp; pp = p->next)                    \
+                    len++;                                              \
+                if (!((List_var) = malloc ((1+len) * sizeof (char *)))) \
+                    goto free_and_fail;                                 \
+                for (i = 0, pp = p->list; pp; ++i, pp = p->next) {      \
+                    if (pp->type != VIR_CONF_STRING) {                  \
+                        qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: %s: " \
+                                  "must be a string or list of strings\n", \
+                                  filename, #List_var);                 \
+                        goto free_and_fail;                             \
+                    }                                                   \
+                    if (!((List_var)[i] = strdup (pp->str)))            \
+                        goto free_and_fail;                             \
+                }                                                       \
+                (List_var)[i] = NULL;                                   \
+                break;                                                  \
+            }                                                           \
+                                                                        \
+            default:                                                    \
+                qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: %s: "   \
+                          "must be a string or list of strings\n",      \
+                          filename, #List_var);                         \
+                goto free_and_fail;                                     \
+            }                                                           \
+        }                                                               \
+    } while (0)
+
+    GET_CONF_STR_LIST (tls_allowed_dn_list);
+    GET_CONF_STR_LIST (tls_allowed_ip_list);
 
-        case VIR_CONF_LIST: {
-            int i, len = 0;
-            virConfValuePtr pp;
-            for (pp = p->list; pp; pp = p->next)
-                len++;
-            tls_allowed_dn_list =
-                malloc ((1+len) * sizeof (char *));
-            for (i = 0, pp = p->list; pp; ++i, pp = p->next) {
-                if (pp->type != VIR_CONF_STRING) {
-                    qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: tls_allowed_dn_list: should be a string or list of strings\n", filename);
-                    return -1;
-                }
-                tls_allowed_dn_list[i] = strdup (pp->str);
-            }
-            tls_allowed_dn_list[i] = 0;
-            break;
-        }
+    virConfFree (conf);
+    return 0;
 
-        default:
-            qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: tls_allowed_dn_list: should be a string or list of strings\n", filename);
-            return -1;
-        }
-    }
+ diagnose_alloc_failure_and_fail:
+    qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s\n", strerror (errno));
 
-    p = virConfGetValue (conf, "tls_allowed_ip_list");
-    if (p) {
-        switch (p->type) {
-        case VIR_CONF_STRING:
-            tls_allowed_ip_list = malloc (2 * sizeof (char *));
-            tls_allowed_ip_list[0] = strdup (p->str);
-            tls_allowed_ip_list[1] = 0;
-            break;
+ free_and_fail:
+    free (mdns_name);
+    mdns_name = NULL;
 
-        case VIR_CONF_LIST: {
-            int i, len = 0;
-            virConfValuePtr pp;
-            for (pp = p->list; pp; pp = p->next)
-                len++;
-            tls_allowed_ip_list =
-                malloc ((1+len) * sizeof (char *));
-            for (i = 0, pp = p->list; pp; ++i, pp = p->next) {
-                if (pp->type != VIR_CONF_STRING) {
-                    qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: tls_allowed_ip_list: should be a string or list of strings\n", filename);
-                    return -1;
-                }
-                tls_allowed_ip_list[i] = strdup (pp->str);
-            }
-            tls_allowed_ip_list[i] = 0;
-            break;
-        }
+    /* Don't bother trying to free tcp_port, tls_port, key_file, cert_file,
+       ca_file, or crl_file, since they are initialized to non-malloc'd
+       strings.  Besides, these are static variables, and callers are
+       unlikely to call this function more than once, so there wouldn't
+       even be a real leak.  */
 
-        default:
-            qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: tls_allowed_ip_list: should be a string or list of strings\n", filename);
-            return -1;
-        }
+    if (tls_allowed_ip_list) {
+        char *t;
+        for (t = *tls_allowed_ip_list; t; t++)
+            free (t);
+        tls_allowed_ip_list = NULL;
     }
 
-    virConfFree (conf);
-    return 0;
+    if (tls_allowed_dn_list) {
+        char *t;
+        for (t = *tls_allowed_dn_list; t; t++)
+            free (t);
+        tls_allowed_dn_list = NULL;
+    }
+
+    return -1;
 }
 
 /* Print command-line usage. */
-- 
1.5.3.6.961.gecf4

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]