1. Patchew
  2. Libvirt
  3. [libvirt] [PATCH v2 0/2] rpc: cleanup in virNetTLSContextNew
  4. View patch

[libvirt] [PATCH v2 1/2] rpc: cleanup in virNetTLSContextNew

Adrian Brzezinski posted 2 patches 6 years, 9 months ago
[libvirt] [PATCH v2 1/2] rpc: cleanup in virNetTLSContextNew
Posted by Adrian Brzezinski 6 years, 9 months ago 
Failed new gnutls context allocations in virNetTLSContextNew function
results in double free and segfault. Occasional memory leaks may also
occur.

Signed-off-by: Adrian Brzezinski <redhat@adrb.pl>
---
 src/rpc/virnettlscontext.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 72e9ed9..7b5d578 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -707,6 +707,12 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert,
 
     err = gnutls_certificate_allocate_credentials(&ctxt->x509cred);
     if (err) {
+       /* gnutls_certificate_credentials_t is complex structure with multiple
+        * internal memory allocatons that can go wrong, so make sure that
+        * reference is NULL.
+        */
+        ctxt->x509cred = NULL;
+
         virReportError(VIR_ERR_SYSTEM_ERROR,
                        _("Unable to allocate x509 credentials: %s"),
                        gnutls_strerror(err));
@@ -758,7 +764,9 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert,
  error:
     if (isServer)
         gnutls_dh_params_deinit(ctxt->dhParams);
-    gnutls_certificate_free_credentials(ctxt->x509cred);
+    if (ctxt->x509cred)
+        gnutls_certificate_free_credentials(ctxt->x509cred);
+    VIR_FREE(ctxt->priority);
     VIR_FREE(ctxt);
     return NULL;
 }
-- 
1.8.3.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 1/2] rpc: cleanup in virNetTLSContextNew
Posted by Daniel P. Berrangé 6 years, 9 months ago 
On Mon, Apr 15, 2019 at 08:29:42PM +0200, Adrian Brzezinski wrote:
> Failed new gnutls context allocations in virNetTLSContextNew function
> results in double free and segfault. Occasional memory leaks may also
> occur.
> 
> Signed-off-by: Adrian Brzezinski <redhat@adrb.pl>
> ---
>  src/rpc/virnettlscontext.c | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
> index 72e9ed9..7b5d578 100644
> --- a/src/rpc/virnettlscontext.c
> +++ b/src/rpc/virnettlscontext.c
> @@ -707,6 +707,12 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert,
>  
>      err = gnutls_certificate_allocate_credentials(&ctxt->x509cred);
>      if (err) {
> +       /* gnutls_certificate_credentials_t is complex structure with multiple
> +        * internal memory allocatons that can go wrong, so make sure that
> +        * reference is NULL.
> +        */

I changd this comment to

        /* While gnutls_certificate_credentials_t will free any
         * partially allocated credentials struct, it does not
         * set the returned pointer back to NULL after it is
         * freed in an error path.
         */


and then pushed the fix


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.