[libvirt] [PATCH v2] Fix potential NULL dereference in remoteDomainMigratePrepare2

Jiri Denemark jdenemar at redhat.com
Thu May 13 08:05:16 UTC 2010


---
 src/remote/remote_driver.c |   19 ++++++++++++++++++-
 1 files changed, 18 insertions(+), 1 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 990bfce..80977a3 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -2849,17 +2849,34 @@ remoteDomainMigratePrepare2 (virConnectPtr dconn,
         goto done;
 
     if (ret.cookie.cookie_len > 0) {
+        if (!cookie || !cookielen) {
+            remoteError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("caller ignores cookie or cookielen"));
+            goto error;
+        }
         *cookie = ret.cookie.cookie_val; /* Caller frees. */
         *cookielen = ret.cookie.cookie_len;
     }
-    if (ret.uri_out)
+    if (ret.uri_out) {
+        if (!uri_out) {
+            remoteError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("caller ignores uri_out"));
+            goto error;
+        }
         *uri_out = *ret.uri_out; /* Caller frees. */
+    }
 
     rv = 0;
 
 done:
     remoteDriverUnlock(priv);
     return rv;
+error:
+    if (ret.cookie.cookie_len)
+        VIR_FREE(ret.cookie.cookie_val);
+    if (ret.uri_out)
+        VIR_FREE(*ret.uri_out);
+    goto done;
 }
 
 static virDomainPtr
-- 
1.7.1




More information about the libvir-list mailing list