[PATCH] util: Fix return type mismatch for nl_recv

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



1.

As shown in the definition of nl_recv, its return value is of INT type.

 

int nl_recv(struct nl_handle *handle, struct sockaddr_nl *nla,

             unsigned char **buf, struct ucred **creds)

 

However, in function virNetlinkCommand, it uses an unsigned int param,

respbuflen, to receive its return value. Thus, the branch "*respbuflen < 0"

is unreachable, negative return values are handled incorrectly.

 

2.

It's said in nl_recv's description that "The caller is responsible for

freeing the buffer allocated * in \c *buf if a positive value is returned."

which means, we needn't to free it in case it fails.

Additionally, nl_recv has a BUG in handling buf: in the error branch, it frees

the buf, but didn't set it to NULL. Freeing it outside in the caller function

will cause double free.

Thus, we set but(resp) to NULL if nl_recv fails.

 

Signed-off-by: Zhang Bo <oscar.zhangbo@xxxxxxxxxx>

---

src/util/virnetlink.c | 8 ++++++--

1 file changed, 6 insertions(+), 2 deletions(-)

 

diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c

index 0cf18f2..1a09567 100644

--- a/src/util/virnetlink.c

+++ b/src/util/virnetlink.c

@@ -192,6 +192,7 @@ int virNetlinkCommand(struct nl_msg *nl_msg,

     int n;

     struct nlmsghdr *nlmsg = nlmsg_hdr(nl_msg);

     virNetlinkHandle *nlhandle = NULL;

+    int length = 0;

     if (protocol >= MAX_LINKS) {

         virReportSystemError(EINVAL,

@@ -257,12 +258,15 @@ int virNetlinkCommand(struct nl_msg *nl_msg,

         goto error;

     }

-    *respbuflen = nl_recv(nlhandle, &nladdr,

-                          (unsigned char **)resp, NULL);

+    length = nl_recv(nlhandle, &nladdr,

+                     (unsigned char **)resp, NULL);

 

-    if (*respbuflen <= 0) {

+    if (length <= 0) {

         virReportSystemError(errno,

                              "%s", _("nl_recv failed"));

+       *resp = NULL;

         rc = -1;

+    } else {

+        *respbuflen = length;

     }

  error:

     if (rc == -1) {

--

1.7.12.4

 

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]