Re: [PATCH] libxl: Resolve possible resource leak in dom0 maximum memory setting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/10/2017 02:06 PM, John Ferlan wrote:
> If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
> or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
> is hit, control goes back to the outer loop processing 'cmd_tokens' and
> it's possible that the 'mem_tokens' would be overwritten.
> 
> Found by Coverity
> 
> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
> ---
> 
>  Of course this is what led me down the path of the recently sent virusbmock
> patch...
> 
>  src/libxl/libxl_conf.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
> index 6ce2e0a..f5b788b 100644
> --- a/src/libxl/libxl_conf.c
> +++ b/src/libxl/libxl_conf.c
> @@ -1622,6 +1622,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg,
>                  goto cleanup;
>              }
>          }
> +        virStringListFree(mem_tokens);
>      }
>  
>   physmem:
> 

This will work. The other possible location is just before:

if (!(mem_tokens = virStringSplit(cmd_tokens[i], ",", 0)))

line.

ACK

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux