If strdup("x509dname") or strdup("saslUsername") success, but
strdup(x509dname) or strdup(saslUsername) failed, subject->nidentity
is not the num elements of subject->identities, and we will leak some
memory.
---
src/qemu/qemu_process.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e74e0f1..0d2ccdc 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -544,18 +544,18 @@ qemuProcessHandleGraphics(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
if (x509dname) {
if (VIR_REALLOC_N(subject->identities, subject->nidentity+1) < 0)
goto no_memory;
- if (!(subject->identities[subject->nidentity].type = strdup("x509dname")) ||
- !(subject->identities[subject->nidentity].name = strdup(x509dname)))
- goto no_memory;
subject->nidentity++;
+ if (!(subject->identities[subject->nidentity-1].type = strdup("x509dname")) ||
+ !(subject->identities[subject->nidentity-1].name = strdup(x509dname)))
+ goto no_memory;
}
if (saslUsername) {
if (VIR_REALLOC_N(subject->identities, subject->nidentity+1) < 0)
goto no_memory;
- if (!(subject->identities[subject->nidentity].type = strdup("saslUsername")) ||
- !(subject->identities[subject->nidentity].name = strdup(saslUsername)))
- goto no_memory;
subject->nidentity++;
+ if (!(subject->identities[subject->nidentity-1].type = strdup("saslUsername")) ||
+ !(subject->identities[subject->nidentity-1].name = strdup(saslUsername)))
+ goto no_memory;
}
virDomainObjLock(vm);
--
1.7.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list