All of lore.kernel.org
 help / color / mirror / Atom feed
* [Qemu-trivial] [PATCH] l2tpv3: fix possible double free
@ 2014-11-14  1:39 ` zhanghailiang
  0 siblings, 0 replies; 8+ messages in thread
From: zhanghailiang @ 2014-11-14  1:39 UTC (permalink / raw)
  To: qemu-trivial; +Cc: zhanghailiang, qemu-devel, stefanha, peter.huangpeng

freeaddrinfo(result) does not assign result = NULL, after frees it.
There will be a double free when it goes error case.
It is reported by covertiy.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
 net/l2tpv3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/l2tpv3.c b/net/l2tpv3.c
index 528d95b..f9e0c98 100644
--- a/net/l2tpv3.c
+++ b/net/l2tpv3.c
@@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
         fd = -errno;
         error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
         freeaddrinfo(result);
+        result = NULL;
         goto outerr;
     }
     if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
-- 
1.7.12.4




^ permalink raw reply related	[flat|nested] 8+ messages in thread
* [Qemu-devel] [PATCH] l2tpv3: fix possible double free
@ 2014-11-14  1:39 ` zhanghailiang
  0 siblings, 0 replies; 8+ messages in thread
From: zhanghailiang @ 2014-11-14  1:39 UTC (permalink / raw)
  To: qemu-trivial; +Cc: zhanghailiang, qemu-devel, stefanha, peter.huangpeng

freeaddrinfo(result) does not assign result = NULL, after frees it.
There will be a double free when it goes error case.
It is reported by covertiy.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
 net/l2tpv3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/l2tpv3.c b/net/l2tpv3.c
index 528d95b..f9e0c98 100644
--- a/net/l2tpv3.c
+++ b/net/l2tpv3.c
@@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
         fd = -errno;
         error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
         freeaddrinfo(result);
+        result = NULL;
         goto outerr;
     }
     if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
-- 
1.7.12.4

^ permalink raw reply related	[flat|nested] 8+ messages in thread
* Re: [Qemu-trivial] [Qemu-devel] [PATCH] l2tpv3: fix possible double free
  2014-11-14  1:39 ` [Qemu-devel] " zhanghailiang
@ 2014-11-14  3:03   ` Gonglei
  -1 siblings, 0 replies; 8+ messages in thread
From: Gonglei @ 2014-11-14  3:03 UTC (permalink / raw)
  To: zhanghailiang; +Cc: qemu-trivial, qemu-devel, stefanha, peter.huangpeng

On 2014/11/14 9:39, zhanghailiang wrote:

> freeaddrinfo(result) does not assign result = NULL, after frees it.
> There will be a double free when it goes error case.
> It is reported by covertiy.
> 
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>  net/l2tpv3.c | 1 +
>  1 file changed, 1 insertion(+)


Reviewed-by: Gonglei <arei.gonglei@huawei.com>



^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] l2tpv3: fix possible double free
@ 2014-11-14  3:03   ` Gonglei
  0 siblings, 0 replies; 8+ messages in thread
From: Gonglei @ 2014-11-14  3:03 UTC (permalink / raw)
  To: zhanghailiang; +Cc: qemu-trivial, qemu-devel, stefanha, peter.huangpeng

On 2014/11/14 9:39, zhanghailiang wrote:

> freeaddrinfo(result) does not assign result = NULL, after frees it.
> There will be a double free when it goes error case.
> It is reported by covertiy.
> 
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>  net/l2tpv3.c | 1 +
>  1 file changed, 1 insertion(+)


Reviewed-by: Gonglei <arei.gonglei@huawei.com>

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [Qemu-trivial] [PATCH] l2tpv3: fix possible double free
  2014-11-14  1:39 ` [Qemu-devel] " zhanghailiang
@ 2014-11-14  8:45   ` Paolo Bonzini
  -1 siblings, 0 replies; 8+ messages in thread
From: Paolo Bonzini @ 2014-11-14  8:45 UTC (permalink / raw)
  To: zhanghailiang, qemu-trivial; +Cc: qemu-devel, stefanha, peter.huangpeng



On 14/11/2014 02:39, zhanghailiang wrote:
> freeaddrinfo(result) does not assign result = NULL, after frees it.
> There will be a double free when it goes error case.
> It is reported by covertiy.
> 
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>  net/l2tpv3.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
> index 528d95b..f9e0c98 100644
> --- a/net/l2tpv3.c
> +++ b/net/l2tpv3.c
> @@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
>          fd = -errno;
>          error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
>          freeaddrinfo(result);
> +        result = NULL;

You can just remove the call to freeaddrinfo().  I made the change and
applied the patch.

Paolo

>          goto outerr;
>      }
>      if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
> 


^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] l2tpv3: fix possible double free
@ 2014-11-14  8:45   ` Paolo Bonzini
  0 siblings, 0 replies; 8+ messages in thread
From: Paolo Bonzini @ 2014-11-14  8:45 UTC (permalink / raw)
  To: zhanghailiang, qemu-trivial; +Cc: qemu-devel, stefanha, peter.huangpeng



On 14/11/2014 02:39, zhanghailiang wrote:
> freeaddrinfo(result) does not assign result = NULL, after frees it.
> There will be a double free when it goes error case.
> It is reported by covertiy.
> 
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>  net/l2tpv3.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
> index 528d95b..f9e0c98 100644
> --- a/net/l2tpv3.c
> +++ b/net/l2tpv3.c
> @@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
>          fd = -errno;
>          error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
>          freeaddrinfo(result);
> +        result = NULL;

You can just remove the call to freeaddrinfo().  I made the change and
applied the patch.

Paolo

>          goto outerr;
>      }
>      if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
> 

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [Qemu-trivial] [PATCH] l2tpv3: fix possible double free
  2014-11-14  8:45   ` [Qemu-devel] " Paolo Bonzini
@ 2014-11-17  5:13     ` zhanghailiang
  -1 siblings, 0 replies; 8+ messages in thread
From: zhanghailiang @ 2014-11-17  5:13 UTC (permalink / raw)
  To: Paolo Bonzini, qemu-trivial; +Cc: qemu-devel, stefanha, peter.huangpeng

On 2014/11/14 16:45, Paolo Bonzini wrote:
>
>
> On 14/11/2014 02:39, zhanghailiang wrote:
>> freeaddrinfo(result) does not assign result = NULL, after frees it.
>> There will be a double free when it goes error case.
>> It is reported by covertiy.
>>
>> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
>> ---
>>   net/l2tpv3.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
>> index 528d95b..f9e0c98 100644
>> --- a/net/l2tpv3.c
>> +++ b/net/l2tpv3.c
>> @@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
>>           fd = -errno;
>>           error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
>>           freeaddrinfo(result);
>> +        result = NULL;
>
> You can just remove the call to freeaddrinfo().  I made the change and
> applied the patch.
>

This is a better choice ;) Thanks.

>>           goto outerr;
>>       }
>>       if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
>>
>
>




^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] l2tpv3: fix possible double free
@ 2014-11-17  5:13     ` zhanghailiang
  0 siblings, 0 replies; 8+ messages in thread
From: zhanghailiang @ 2014-11-17  5:13 UTC (permalink / raw)
  To: Paolo Bonzini, qemu-trivial; +Cc: qemu-devel, stefanha, peter.huangpeng

On 2014/11/14 16:45, Paolo Bonzini wrote:
>
>
> On 14/11/2014 02:39, zhanghailiang wrote:
>> freeaddrinfo(result) does not assign result = NULL, after frees it.
>> There will be a double free when it goes error case.
>> It is reported by covertiy.
>>
>> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
>> ---
>>   net/l2tpv3.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
>> index 528d95b..f9e0c98 100644
>> --- a/net/l2tpv3.c
>> +++ b/net/l2tpv3.c
>> @@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
>>           fd = -errno;
>>           error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
>>           freeaddrinfo(result);
>> +        result = NULL;
>
> You can just remove the call to freeaddrinfo().  I made the change and
> applied the patch.
>

This is a better choice ;) Thanks.

>>           goto outerr;
>>       }
>>       if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
>>
>
>

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2014-11-17  5:14 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-14  1:39 [Qemu-trivial] [PATCH] l2tpv3: fix possible double free zhanghailiang
2014-11-14  1:39 ` [Qemu-devel] " zhanghailiang
2014-11-14  3:03 ` [Qemu-trivial] " Gonglei
2014-11-14  3:03   ` Gonglei
2014-11-14  8:45 ` [Qemu-trivial] " Paolo Bonzini
2014-11-14  8:45   ` [Qemu-devel] " Paolo Bonzini
2014-11-17  5:13   ` [Qemu-trivial] " zhanghailiang
2014-11-17  5:13     ` [Qemu-devel] " zhanghailiang

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.