From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60733)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1Y9H0G-0004dq-DD
	for qemu-devel@nongnu.org; Thu, 08 Jan 2015 12:36:40 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1Y9Gzw-0006r1-8g
	for qemu-devel@nongnu.org; Thu, 08 Jan 2015 12:36:12 -0500
Received: from e9.ny.us.ibm.com ([32.97.182.139]:46602)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1Y9Gzw-0006qq-4A
	for qemu-devel@nongnu.org; Thu, 08 Jan 2015 12:35:52 -0500
Received: from /spool/local
	by e9.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <mdroth@linux.vnet.ibm.com>;
	Thu, 8 Jan 2015 12:35:51 -0500
From: Michael Roth <mdroth@linux.vnet.ibm.com>
Date: Thu,  8 Jan 2015 11:34:06 -0600
Message-Id: <1420738472-23267-63-git-send-email-mdroth@linux.vnet.ibm.com>
In-Reply-To: <1420738472-23267-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1420738472-23267-1-git-send-email-mdroth@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 62/88] l2tpv3: fix possible double free
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org

From: zhanghailiang <zhang.zhanghailiang@huawei.com>

freeaddrinfo(result) does not assign result = NULL, after frees it.
There will be a double free when it goes error case.
It is reported by covertiy.

Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 77374582ab961af2c5e702f767f52179d5f7676c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 net/l2tpv3.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/l2tpv3.c b/net/l2tpv3.c
index 528d95b..65db5ef 100644
--- a/net/l2tpv3.c
+++ b/net/l2tpv3.c
@@ -660,7 +660,6 @@ int net_init_l2tpv3(const NetClientOptions *opts,
     if (fd == -1) {
         fd = -errno;
         error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
-        freeaddrinfo(result);
         goto outerr;
     }
     if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
-- 
1.9.1