[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 1/2] network: fix crash during cleanup from failure to allocate port

During networkPortCreateXML, if networkAllocatePort() failed,
networkReleasePort() would be called, which would (in the case of
network pools of macvtap passthrough devices) attempt to find the
allocated device by comparing port->plug.direct.linkdev to each device
in the pool. Since port->plug.direct.linkdev was still NULL, the
attempted strcmp would result in a SEGV.

Calling networkReleasePort() during error cleanup is something that
should only be done if networkAllocatePort() has already succeeded. It
turns out there is one other possible error exit from
networkPortCreateXML() that happens after networkAllocatePort() has
succeeded, so the code to call networkReleasePort() was just moved
down to there.

Resolves: https://bugzilla.redhat.com/1741390
Signed-off-by: Laine Stump <laine redhat com>
 src/network/bridge_driver.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 1a5d08a00d..dae1def8de 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -5592,20 +5592,20 @@ networkPortCreateXML(virNetworkPtr net,
         rc = networkNotifyPort(obj, portdef);
         rc = networkAllocatePort(obj, portdef);
-    if (rc < 0) {
+    if (rc < 0)
+        goto cleanup;
+    if (virNetworkObjAddPort(obj, portdef, driver->stateDir) < 0) {
         virErrorPtr saved;
         saved = virSaveLastError();
         ignore_value(networkReleasePort(obj, portdef));
+        virNetworkPortDefFree(portdef);
         goto cleanup;
-    if (virNetworkObjAddPort(obj, portdef, driver->stateDir) < 0) {
-        virNetworkPortDefFree(portdef);
-        goto cleanup;
-    }
     ret = virGetNetworkPort(net, portdef->uuid);

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]