* [Qemu-devel] [PATCH] l2tpv3: fix possible double free
From: zhanghailiang @ 2014-11-14 1:39 UTC
To: qemu-trivial; +Cc: zhanghailiang, qemu-devel, stefanha, peter.huangpeng
freeaddrinfo(result) does not assign result = NULL after freeing it.
There will be a double free when it goes to the error case.
It is reported by Coverity.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
net/l2tpv3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/l2tpv3.c b/net/l2tpv3.c
index 528d95b..f9e0c98 100644
--- a/net/l2tpv3.c
+++ b/net/l2tpv3.c
@@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
fd = -errno;
error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
freeaddrinfo(result);
+ result = NULL;
goto outerr;
}
if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
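Review bot: the added `result = NULL;` in the socket-creation failure branch only prevents the second free if the cleanup at `outerr` checks `result` before calling freeaddrinfo(), and that check is outside this hunk, so the fix depends on code not shown here. Having two places that free `result` is what produces the double free the commit message describes; dropping the `freeaddrinfo(result);` line in this branch and letting `outerr` perform the single free would make the NULL assignment unnecessary. If the assignment stays, a one-line comment noting that `outerr` also frees `result` would explain why it is there.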
--
1.7.12.4
* Re: [Qemu-devel] [PATCH] l2tpv3: fix possible double free
From: Gonglei @ 2014-11-14 3:03 UTC
To: zhanghailiang; +Cc: qemu-trivial, qemu-devel, stefanha, peter.huangpeng
On 2014/11/14 9:39, zhanghailiang wrote:
> freeaddrinfo(result) does not assign result = NULL after freeing it.
> There will be a double free when it goes to the error case.
> It is reported by Coverity.
>
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
> net/l2tpv3.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
* Re: [Qemu-devel] [PATCH] l2tpv3: fix possible double free
From: Paolo Bonzini @ 2014-11-14 8:45 UTC
To: zhanghailiang, qemu-trivial; +Cc: qemu-devel, stefanha, peter.huangpeng
On 14/11/2014 02:39, zhanghailiang wrote:
> freeaddrinfo(result) does not assign result = NULL after freeing it.
> There will be a double free when it goes to the error case.
> It is reported by Coverity.
>
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
> net/l2tpv3.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
> index 528d95b..f9e0c98 100644
> --- a/net/l2tpv3.c
> +++ b/net/l2tpv3.c
> @@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
> fd = -errno;
> error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
> freeaddrinfo(result);
> + result = NULL;
You can just remove the call to freeaddrinfo(). I made the change and
applied the patch.
Paolo
> goto outerr;
> }
> if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
>
* Re: [Qemu-devel] [PATCH] l2tpv3: fix possible double free
From: zhanghailiang @ 2014-11-17 5:13 UTC
To: Paolo Bonzini, qemu-trivial; +Cc: qemu-devel, stefanha, peter.huangpeng
On 2014/11/14 16:45, Paolo Bonzini wrote:
>
>
> On 14/11/2014 02:39, zhanghailiang wrote:
>> freeaddrinfo(result) does not assign result = NULL after freeing it.
>> There will be a double free when it goes to the error case.
>> It is reported by Coverity.
>>
>> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
>> ---
>> net/l2tpv3.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
>> index 528d95b..f9e0c98 100644
>> --- a/net/l2tpv3.c
>> +++ b/net/l2tpv3.c
>> @@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
>> fd = -errno;
>> error_report("l2tpv3_open : socket creation failed, errno = %d", -fd);
>> freeaddrinfo(result);
>> + result = NULL;
>
> You can just remove the call to freeaddrinfo(). I made the change and
> applied the patch.
>
This is a better choice ;) Thanks.
>> goto outerr;
>> }
>> if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
>>
>
>