[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libvirt-cim] [PATCH] acl_parsing: Fixing potential leaks



# HG changeset patch
# User Eduardo Lima (Etrunko) <eblima br ibm com>
# Date 1313005735 10800
# Node ID 2b1b79a72ab0288d649399118dffce26fd05e066
# Parent  8759e60c17c42101118f914215d071138340c70f
acl_parsing: Fixing potential leaks

Also adds missing checks for errors in some function calls.

As reported in https://bugzilla.redhat.com/show_bug.cgi?id=728245

line 144 - Function cleanup_filter does not free its parameter filter (this
           causes a lot of Coverity Resource leak warnings).
line 397 - Dynamically allocated variable rule is not freed in function
           parse_acl_filter as a result of line #399.
line 630 - Function "malloc" without NULL check.
line 659 - Function "malloc" without NULL check.

Signed-off-by: Eduardo Lima (Etrunko) <eblima br ibm com>

diff --git a/libxkutil/acl_parsing.c b/libxkutil/acl_parsing.c
--- a/libxkutil/acl_parsing.c
+++ b/libxkutil/acl_parsing.c
@@ -139,6 +139,7 @@
         };
 
         rule->type = UNKNOWN_RULE;
+        free(rule);
 }
 
 void cleanup_filter(struct acl_filter *filter)
@@ -152,10 +153,8 @@
         free(filter->name);
         free(filter->chain);
 
-        for (i = 0; i < filter->rule_ct; i++) {
+        for (i = 0; i < filter->rule_ct; i++)
                 cleanup_rule(filter->rules[i]);
-                free(filter->rules[i]);
-        }
 
         free(filter->rules);
         filter->rule_ct = 0;
@@ -401,14 +400,16 @@
                         if (parse_acl_rule(child, rule) == 0)
                                 goto err;
 
-                        append_filter_rule(filter, rule);
+                        if (append_filter_rule(filter, rule) == 0)
+                                goto err;
                 }
                 else if (XSTREQ(child->name, "filterref")) {
                         filter_ref = get_attr_value(child, "filter");
                         if (filter_ref == NULL)
                                 goto err;
 
-                        append_filter_ref(filter, filter_ref);
+                        if (append_filter_ref(filter, filter_ref) == 0)
+                                goto err;
                 }
         }
 
@@ -440,14 +441,15 @@
         if (xmldoc == NULL)
                 goto err;
 
-        *filter = malloc(sizeof(**filter));
+        *filter = calloc(1, sizeof(**filter));
         if (*filter == NULL)
                 goto err;
 
-        memset(*filter, 0, sizeof(**filter));
-        parse_acl_filter(xmldoc->children, *filter);
-
-        ret = 1;
+        ret = parse_acl_filter(xmldoc->children, *filter);
+        if (ret == 0) {
+                free(*filter);
+                *filter = NULL;
+        }
 
  err:
         xmlSetGenericErrorFunc(NULL, NULL);
@@ -508,9 +510,7 @@
         if (xml == NULL)
                 return 0;
 
-        get_filter_from_xml(xml, filter);
-
-        return 1;
+        return get_filter_from_xml(xml, filter);
 #else
         return 0;
 #endif
@@ -534,7 +534,8 @@
 
         virConnectListNWFilters(conn, names, count);
 
-        filters = malloc(count * sizeof(struct acl_filter));
+        filters = calloc(count, sizeof(*filters));
+
         if (filters == NULL)
                 goto err;
 
@@ -542,7 +543,8 @@
         {
                 struct acl_filter *filter = NULL;
 
-                get_filter_by_name(conn, names[i], &filter);
+                if (get_filter_by_name(conn, names[i], &filter) == 0)
+                        break;
 
                 memcpy(&filters[i], filter, sizeof(*filter));
         }
@@ -630,6 +632,12 @@
         filter->rules =
                 malloc((filter->rule_ct + 1) * sizeof(struct acl_rule *));
 
+        if (filter->rules == NULL) {
+                CU_DEBUG("Failed to allocate memory for new rule");
+                filter->rules = old_rules;
+                return 0;
+        }
+
         memcpy(filter->rules,
                 old_rules,
                 filter->rule_ct * sizeof(struct acl_rule *));
@@ -657,6 +665,13 @@
         old_refs = filter->refs;
 
         filter->refs = malloc((filter->ref_ct + 1) * sizeof(char *));
+
+        if (filter->refs == NULL) {
+                CU_DEBUG("Failed to allocate memory for new ref");
+                filter->refs = old_refs;
+                return 0;
+        }
+
         memcpy(filter->refs, old_refs, filter->ref_ct * sizeof(char *));
 
         filter->refs[filter->ref_ct] = name;
@@ -682,8 +697,9 @@
                 if (STREQC(old_refs[i], name)) {
                         free(old_refs[i]);
                 }
-                else
-                        append_filter_ref(filter, old_refs[i]);
+                else if(append_filter_ref(filter, old_refs[i]) == 0) {
+                        return 0;
+                }
         }
 
         return 1;


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]