---
Found while trying to reproduce another reported memory leak in doRemoteOpen.
This leaked 10kb per failing call to negotiate_gnutls_on_connection.
src/remote/remote_driver.c | 28 +++++++++++++++++++---------
1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index b05bbcb..0915548 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1331,8 +1331,9 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
GNUTLS_CRT_OPENPGP,
0
};
+ bool success = false;
int err;
- gnutls_session_t session;
+ gnutls_session_t session = NULL;
/* Initialize TLS session
*/
@@ -1341,7 +1342,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to initialize TLS client: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
/* Use default priorities */
@@ -1350,7 +1351,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set TLS algorithm priority: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
err =
gnutls_certificate_type_set_priority (session,
@@ -1359,7 +1360,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set certificate priority: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
/* put the x509 credentials to the current session
@@ -1369,7 +1370,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set session credentials: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
gnutls_transport_set_ptr (session,
@@ -1391,13 +1392,14 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to complete TLS handshake: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
/* Verify certificate. */
if (verify_certificate (conn, priv, session) == -1) {
VIR_DEBUG0("failed to verify peer's certificate");
- if (!no_verify) return NULL;
+ if (!no_verify)
+ goto cleanup;
}
/* At this point, the server is verifying _our_ certificate, IP address,
@@ -1413,13 +1415,13 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to complete TLS initialization: %s"),
gnutls_strerror (len));
- return NULL;
+ goto cleanup;
}
if (len != 1 || buf[0] != '\1') {
remoteError(VIR_ERR_RPC, "%s",
_("server verification (of our certificate or IP "
"address) failed"));
- return NULL;
+ goto cleanup;
}
#if 0
@@ -1427,6 +1429,14 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
print_info (session);
#endif
+ success = true;
+
+cleanup:
+ if (!success) {
+ gnutls_deinit(session);
+ session = NULL;
+ }
+
return session;
}
--
1.7.0.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list