From nobody Mon Feb 9 17:57:40 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) client-ip=207.211.31.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1593056174; cv=none; d=zohomail.com; s=zohoarc; b=Co50sMZDH+xCRxgsRfZj1tx1/3zpH6bAOalv6tgpMKflB7btqDNX9oSSo4KT/Hv8N0XzHnmB3SMGR6VxTlUVKVlKyMo/sDtqzyUqXaWdYP8z8416Wi2z7H42RGJLqQ00OV7ra7w/o5iLCPd2TmW8zqi6wam7Fz/Qkg5Y3ITu8h0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593056174; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=wCI/4gCQtqNkpwOjNezOOFCaSPG4c1TXewMPJMrsBe8=; b=Y5vwphTmo4Q/Fhulzav6R7OvVy2MdVBAdxjvg0mJ6PEqDaUDGRar8eX0NBipp0f5r56lYb19xvQPE/RdiPJEF6jYBaeGklbDEkoyJLz6ykWr24nhhMKlw4YwtqkfS68xV76999KitHZTi8Mcfs/ALbh8FTchcqiX+XHm6FfVlkk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by mx.zohomail.com with SMTPS id 159305617401620.032721685877732; Wed, 24 Jun 2020 20:36:14 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-426-XwMu5G6LNhuK6jvek_LfKw-1; Wed, 24 Jun 2020 23:34:48 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 738448018AB; Thu, 25 Jun 2020 03:34:43 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 50E456109F; Thu, 25 Jun 2020 03:34:43 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 1FC6E875B2; Thu, 25 Jun 2020 03:34:43 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 05P3YYLq007932 for ; Wed, 24 Jun 2020 23:34:34 -0400 Received: by smtp.corp.redhat.com (Postfix) id 62E3C5BAC9; Thu, 25 Jun 2020 03:34:34 +0000 (UTC) Received: from vhost2.laine.org (ovpn-114-28.phx2.redhat.com [10.3.114.28]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1B69F5BAC6 for ; Thu, 25 Jun 2020 03:34:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1593056172; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=wCI/4gCQtqNkpwOjNezOOFCaSPG4c1TXewMPJMrsBe8=; b=Doghs1sUWTdAHL0eNX/ntIc8GEJ/jLvZ9C6SBBgxB89I29AMI3nWHrepp3aURGqEi+4HNn X6cyL2X3TRTbEnSS5t165QavwOXE+t7n8HBdWesJGv89Jn3WFLoFyrTs+/HugWpa3sKabc NArkiFgdN2c7XOTpK8DL6OSNaWCm2Kk= X-MC-Unique: XwMu5G6LNhuK6jvek_LfKw-1 From: Laine Stump To: libvir-list@redhat.com Subject: [PATCH 21/25] nwfilter: convert local pointers to use g_auto* Date: Wed, 24 Jun 2020 23:34:10 -0400 Message-Id: <20200625033414.1819594-22-laine@redhat.com> In-Reply-To: <20200625033414.1819594-1-laine@redhat.com> References: <20200625033414.1819594-1-laine@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Signed-off-by: Laine Stump --- src/nwfilter/nwfilter_dhcpsnoop.c | 91 ++++-------- src/nwfilter/nwfilter_ebiptables_driver.c | 170 +++++++++------------- src/nwfilter/nwfilter_gentech_driver.c | 19 +-- src/nwfilter/nwfilter_learnipaddr.c | 9 +- 4 files changed, 108 insertions(+), 181 deletions(-) diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcp= snoop.c index f54e1a88e0..32cd6492ad 100644 --- a/src/nwfilter/nwfilter_dhcpsnoop.c +++ b/src/nwfilter/nwfilter_dhcpsnoop.c @@ -292,18 +292,17 @@ static const unsigned char dhcp_magic[4] =3D { 99, 13= 0, 83, 99 }; static char * virNWFilterSnoopActivate(virNWFilterSnoopReqPtr req) { - char *key; - - key =3D g_strdup_printf("%p-%d", req, req->ifindex); + g_autofree char *key =3D g_strdup_printf("%p-%d", req, req->ifindex); + char *ret =3D NULL; =20 virNWFilterSnoopActiveLock(); =20 - if (virHashAddEntry(virNWFilterSnoopState.active, key, (void *)0x1) < = 0) - VIR_FREE(key); + if (virHashAddEntry(virNWFilterSnoopState.active, key, (void *)0x1) = =3D=3D 0) + ret =3D g_steal_pointer(&key); =20 virNWFilterSnoopActiveUnlock(); =20 - return key; + return ret; } =20 static void @@ -442,11 +441,10 @@ static int virNWFilterSnoopIPLeaseInstallRule(virNWFilterSnoopIPLeasePtr ipl, bool instantiate) { - char *ipaddr; + g_autofree char *ipaddr =3D virSocketAddrFormat(&ipl->ipAddress); int rc =3D -1; virNWFilterSnoopReqPtr req; =20 - ipaddr =3D virSocketAddrFormat(&ipl->ipAddress); if (!ipaddr) return -1; =20 @@ -473,9 +471,6 @@ virNWFilterSnoopIPLeaseInstallRule(virNWFilterSnoopIPLe= asePtr ipl, =20 exit_snooprequnlock: virNWFilterSnoopReqUnlock(req); - - VIR_FREE(ipaddr); - return rc; } =20 @@ -551,7 +546,7 @@ virNWFilterSnoopReqGet(virNWFilterSnoopReqPtr req) static virNWFilterSnoopReqPtr virNWFilterSnoopReqNew(const char *ifkey) { - virNWFilterSnoopReqPtr req; + g_autofree virNWFilterSnoopReqPtr req =3D g_new0(virNWFilterSnoopReq, = 1); =20 if (ifkey =3D=3D NULL || strlen(ifkey) !=3D VIR_IFKEY_LEN - 1) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -562,28 +557,20 @@ virNWFilterSnoopReqNew(const char *ifkey) return NULL; } =20 - req =3D g_new0(virNWFilterSnoopReq, 1); - req->threadStatus =3D THREAD_STATUS_NONE; =20 - if (virStrcpyStatic(req->ifkey, ifkey) < 0|| - virMutexInitRecursive(&req->lock) < 0) - goto err_free_req; + if (virStrcpyStatic(req->ifkey, ifkey) < 0 || + virMutexInitRecursive(&req->lock) < 0) { + return NULL; + } =20 - if (virCondInit(&req->threadStatusCond) < 0) - goto err_destroy_mutex; + if (virCondInit(&req->threadStatusCond) < 0) { + virMutexDestroy(&req->lock); + return NULL; + } =20 virNWFilterSnoopReqGet(req); - - return req; - - err_destroy_mutex: - virMutexDestroy(&req->lock); - - err_free_req: - VIR_FREE(req); - - return NULL; + return g_steal_pointer(&req); } =20 /* @@ -815,7 +802,7 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req, { int ret =3D 0; virNWFilterSnoopIPLeasePtr ipl; - char *ipstr =3D NULL; + g_autofree char *ipstr =3D NULL; =20 /* protect req->start, req->ifname and the lease */ virNWFilterSnoopReqLock(req); @@ -868,8 +855,6 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req, ignore_value(!!g_atomic_int_dec_and_test(&virNWFilterSnoopState.nLease= s)); =20 lease_not_found: - VIR_FREE(ipstr); - virNWFilterSnoopReqUnlock(req); =20 return ret; @@ -1045,7 +1030,7 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAd= dr *mac, pcap_t *handle =3D NULL; struct bpf_program fp; char pcap_errbuf[PCAP_ERRBUF_SIZE]; - char *ext_filter =3D NULL; + g_autofree char *ext_filter =3D NULL; char macaddr[VIR_MAC_STRING_BUFLEN]; =20 virMacAddrFormat(mac, macaddr); @@ -1075,7 +1060,7 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAd= dr *mac, if (handle =3D=3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("pcap_create failed")); - goto cleanup_nohandle; + return NULL; } =20 if (pcap_set_snaplen(handle, PCAP_PBUFSIZE) < 0 || @@ -1107,17 +1092,12 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMac= Addr *mac, } =20 pcap_freecode(&fp); - VIR_FREE(ext_filter); - return handle; =20 cleanup_freecode: pcap_freecode(&fp); cleanup: pcap_close(handle); - cleanup_nohandle: - VIR_FREE(ext_filter); - return NULL; } =20 @@ -1128,7 +1108,7 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAd= dr *mac, static void virNWFilterDHCPDecodeWorker(void *jobdata, void *opaque) { virNWFilterSnoopReqPtr req =3D opaque; - virNWFilterDHCPDecodeJobPtr job =3D jobdata; + g_autofree virNWFilterDHCPDecodeJobPtr job =3D jobdata; virNWFilterSnoopEthHdrPtr packet =3D (virNWFilterSnoopEthHdrPtr)job->p= acket; =20 if (virNWFilterSnoopDHCPDecode(req, packet, @@ -1140,7 +1120,6 @@ static void virNWFilterDHCPDecodeWorker(void *jobdata= , void *opaque) "interface '%s'"), req->binding->portdevname); } ignore_value(!!g_atomic_int_dec_and_test(job->qCtr)); - VIR_FREE(job); } =20 /* @@ -1307,7 +1286,7 @@ virNWFilterDHCPSnoopThread(void *req0) int errcount =3D 0; int tmp =3D -1, rv, n, pollTo; size_t i; - char *threadkey =3D NULL; + g_autofree char *threadkey =3D NULL; virThreadPoolPtr worker =3D NULL; time_t last_displayed =3D 0, last_displayed_queue =3D 0; virNWFilterSnoopPcapConf pcapConf[] =3D { @@ -1533,8 +1512,6 @@ virNWFilterDHCPSnoopThread(void *req0) =20 virNWFilterSnoopReqPut(req); =20 - VIR_FREE(threadkey); - for (i =3D 0; i < G_N_ELEMENTS(pcapConf); i++) { if (pcapConf[i].handle) pcap_close(pcapConf[i].handle); @@ -1721,18 +1698,13 @@ static int virNWFilterSnoopLeaseFileWrite(int lfd, const char *ifkey, virNWFilterSnoopIPLeasePtr ipl) { - char *lbuf =3D NULL; - char *ipstr, *dhcpstr; + g_autofree char *lbuf =3D NULL; + g_autofree char *ipstr =3D virSocketAddrFormat(&ipl->ipAddress); + g_autofree char *dhcpstr =3D virSocketAddrFormat(&ipl->ipServer); int len; - int ret =3D 0; =20 - ipstr =3D virSocketAddrFormat(&ipl->ipAddress); - dhcpstr =3D virSocketAddrFormat(&ipl->ipServer); - - if (!dhcpstr || !ipstr) { - ret =3D -1; - goto cleanup; - } + if (!dhcpstr || !ipstr) + return -1; =20 /* time intf ip dhcpserver */ lbuf =3D g_strdup_printf("%u %s %s %s\n", ipl->timeout, ifkey, ipstr, = dhcpstr); @@ -1740,18 +1712,11 @@ virNWFilterSnoopLeaseFileWrite(int lfd, const char = *ifkey, =20 if (safewrite(lfd, lbuf, len) !=3D len) { virReportSystemError(errno, "%s", _("lease file write failed")); - ret =3D -1; - goto cleanup; + return -1; } =20 ignore_value(g_fsync(lfd)); - - cleanup: - VIR_FREE(lbuf); - VIR_FREE(dhcpstr); - VIR_FREE(ipstr); - - return ret; + return 0; } =20 /* diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfil= ter_ebiptables_driver.c index 8fdc8e8897..b382b9405d 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -188,10 +188,10 @@ _printDataType(virNWFilterVarCombIterPtr vars, bool asHex, bool directionIn) { bool done; - char *data; + g_autofree char *data =3D NULL; uint8_t ctr; - virBuffer vb =3D VIR_BUFFER_INITIALIZER; - char *flags; + g_auto(virBuffer) vb =3D VIR_BUFFER_INITIALIZER; + g_autofree char *flags =3D NULL; =20 if (printVar(vars, buf, bufsize, item, &done) < 0) return -1; @@ -207,10 +207,8 @@ _printDataType(virNWFilterVarCombIterPtr vars, if (g_snprintf(buf, bufsize, "%s", data) >=3D bufsize) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("buffer too small for IP address")); - VIR_FREE(data); return -1; } - VIR_FREE(data); break; =20 case DATATYPE_IPV6ADDR: @@ -221,10 +219,8 @@ _printDataType(virNWFilterVarCombIterPtr vars, if (g_snprintf(buf, bufsize, "%s", data) >=3D bufsize) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("buffer too small for IPv6 address")); - VIR_FREE(data); return -1; } - VIR_FREE(data); break; =20 case DATATYPE_MACADDR: @@ -308,10 +304,8 @@ _printDataType(virNWFilterVarCombIterPtr vars, if (virStrcpy(buf, flags, bufsize) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Buffer too small for IPSETFLAGS type")); - VIR_FREE(flags); return -1; } - VIR_FREE(flags); break; =20 case DATATYPE_STRING: @@ -1187,19 +1181,19 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, return -1; =20 if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPFlags)) { - char *flags; + g_autofree char *mask =3D NULL; + g_autofree char *flags =3D NULL; if (ENTRY_WANT_NEG_SIGN(&rule->p.tcpHdrFilter.dataTCPFlags)) virFirewallRuleAddArg(fw, fwrule, "!"); virFirewallRuleAddArg(fw, fwrule, "--tcp-flags"); =20 - if (!(flags =3D virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.= dataTCPFlags.u.tcpFlags.mask))) + if (!(mask =3D virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.d= ataTCPFlags.u.tcpFlags.mask))) return -1; - virFirewallRuleAddArg(fw, fwrule, flags); - VIR_FREE(flags); + virFirewallRuleAddArg(fw, fwrule, mask); + if (!(flags =3D virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.= dataTCPFlags.u.tcpFlags.flags))) return -1; virFirewallRuleAddArg(fw, fwrule, flags); - VIR_FREE(flags); } =20 if (iptablesHandlePortData(fw, fwrule, @@ -1528,7 +1522,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, static int printStateMatchFlags(int32_t flags, char **bufptr) { - virBuffer buf =3D VIR_BUFFER_INITIALIZER; + g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; virNWFilterPrintStateMatchFlags(&buf, "", flags, @@ -1548,7 +1542,9 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw, bool directionIn =3D false; char chainPrefix[2]; bool maySkipICMP, inout =3D false; - char *matchState =3D NULL; + g_autofree char *matchState1 =3D NULL; + g_autofree char *matchState2 =3D NULL; + g_autofree char *matchState3 =3D NULL; bool create; =20 if ((rule->tt =3D=3D VIR_NWFILTER_RULE_DIRECTION_IN) || @@ -1562,7 +1558,6 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw, maySkipICMP =3D directionIn || inout; =20 create =3D true; - matchState =3D NULL; =20 if (directionIn && !inout) { if ((rule->flags & IPTABLES_STATE_FLAGS)) @@ -1570,7 +1565,7 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw, } =20 if (create && (rule->flags & IPTABLES_STATE_FLAGS)) { - if (printStateMatchFlags(rule->flags, &matchState) < 0) + if (printStateMatchFlags(rule->flags, &matchState1) < 0) return -1; } =20 @@ -1583,11 +1578,10 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr = fw, rule, ifname, vars, - matchState, false, + matchState1, false, "RETURN", maySkipICMP); =20 - VIR_FREE(matchState); if (rc < 0) return rc; } @@ -1601,7 +1595,7 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw, } =20 if (create && (rule->flags & IPTABLES_STATE_FLAGS)) { - if (printStateMatchFlags(rule->flags, &matchState) < 0) + if (printStateMatchFlags(rule->flags, &matchState2) < 0) return -1; } =20 @@ -1614,12 +1608,9 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr f= w, rule, ifname, vars, - matchState, false, + matchState2, false, "ACCEPT", maySkipICMP); - - VIR_FREE(matchState); - if (rc < 0) return rc; } @@ -1633,7 +1624,7 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw, create =3D false; } else { if ((rule->flags & IPTABLES_STATE_FLAGS)) { - if (printStateMatchFlags(rule->flags, &matchState) < 0) + if (printStateMatchFlags(rule->flags, &matchState3) < 0) return -1; } } @@ -1648,10 +1639,9 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr f= w, rule, ifname, vars, - matchState, false, + matchState3, false, "RETURN", maySkipICMP); - VIR_FREE(matchState); } =20 return rc; @@ -1797,8 +1787,6 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, const char *target; bool hasMask =3D false; virFirewallRulePtr fwrule; - int ret =3D -1; - virBuffer buf =3D VIR_BUFFER_INITIALIZER; =20 if (STREQ(chainSuffix, virNWFilterChainSuffixTypeToString( @@ -1813,7 +1801,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, \ field, sizeof(field), \ &rule->p.STRUCT.ITEM) < 0) \ - goto cleanup; \ + return -1; \ virFirewallRuleAddArg(fw, fwrule, CLI); \ if (ENTRY_WANT_NEG_SIGN(&rule->p.STRUCT.ITEM)) \ virFirewallRuleAddArg(fw, fwrule, "!"); \ @@ -1825,7 +1813,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, \ field, sizeof(field), \ &rule->p.STRUCT.ITEM) < 0) \ - goto cleanup; \ + return -1; \ virFirewallRuleAddArg(fw, fwrule, CLI); \ if (ENTRY_WANT_NEG_SIGN(&rule->p.STRUCT.ITEM)) \ virFirewallRuleAddArg(fw, fwrule, "!"); \ @@ -1833,7 +1821,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, \ fieldalt, sizeof(fieldalt), \ &rule->p.STRUCT.ITEM_HI) < 0) \ - goto cleanup; \ + return -1; \ virFirewallRuleAddArgFormat(fw, fwrule, \ "%s%s%s", field, SEP, fieldalt= ); \ } else { \ @@ -1855,13 +1843,13 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, vars, &rule->p.ethHdrFilter.ethHdr, reverse) < 0) - goto cleanup; + return -1; =20 if (HAS_ENTRY_ITEM(&rule->p.ethHdrFilter.dataProtocolID)) { if (printDataTypeAsHex(vars, number, sizeof(number), &rule->p.ethHdrFilter.dataProtocolID) <= 0) - goto cleanup; + return -1; virFirewallRuleAddArg(fw, fwrule, "-p"); if (ENTRY_WANT_NEG_SIGN(&rule->p.ethHdrFilter.dataProtocolID)) virFirewallRuleAddArg(fw, fwrule, "!"); @@ -1877,7 +1865,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, vars, &rule->p.vlanHdrFilter.ethHdr, reverse) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArgList(fw, fwrule, "-p", "0x8100", NULL); @@ -1906,7 +1894,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, vars, &rule->p.stpHdrFilter.ethHdr, reverse) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArgList(fw, fwrule, "-d", NWFILTER_MAC_BGA, NULL); @@ -1942,7 +1930,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, vars, &rule->p.arpHdrFilter.ethHdr, reverse) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, "-p"); virFirewallRuleAddArgFormat(fw, fwrule, "0x%x", @@ -1954,7 +1942,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.arpHdrFilter.dataHWType) < 0) - goto cleanup; + return -1; virFirewallRuleAddArg(fw, fwrule, "--arp-htype"); if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataHWType)) virFirewallRuleAddArg(fw, fwrule, "!"); @@ -1965,7 +1953,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.arpHdrFilter.dataOpcode) < 0) - goto cleanup; + return -1; virFirewallRuleAddArg(fw, fwrule, "--arp-opcode"); if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataOpcode)) virFirewallRuleAddArg(fw, fwrule, "!"); @@ -1976,7 +1964,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataTypeAsHex(vars, number, sizeof(number), &rule->p.arpHdrFilter.dataProtocolType)= < 0) - goto cleanup; + return -1; virFirewallRuleAddArg(fw, fwrule, "--arp-ptype"); if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataProtocolType= )) virFirewallRuleAddArg(fw, fwrule, "!"); @@ -1987,13 +1975,13 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, ipaddr, sizeof(ipaddr), &rule->p.arpHdrFilter.dataARPSrcIPAddr) < 0) - goto cleanup; + return -1; =20 if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcIPMask)) { if (printDataType(vars, ipmask, sizeof(ipmask), &rule->p.arpHdrFilter.dataARPSrcIPMask) = < 0) - goto cleanup; + return -1; hasMask =3D true; } =20 @@ -2009,13 +1997,13 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, ipaddr, sizeof(ipaddr), &rule->p.arpHdrFilter.dataARPDstIPAddr) < 0) - goto cleanup; + return -1; =20 if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPMask)) { if (printDataType(vars, ipmask, sizeof(ipmask), &rule->p.arpHdrFilter.dataARPDstIPMask) = < 0) - goto cleanup; + return -1; hasMask =3D true; } =20 @@ -2031,7 +2019,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, macaddr, sizeof(macaddr), &rule->p.arpHdrFilter.dataARPSrcMACAddr) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--arp-mac-dst" : "--arp-mac-s= rc"); @@ -2044,7 +2032,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, macaddr, sizeof(macaddr), &rule->p.arpHdrFilter.dataARPDstMACAddr) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--arp-mac-src" : "--arp-mac-d= st"); @@ -2069,7 +2057,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, vars, &rule->p.ipHdrFilter.ethHdr, reverse) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArgList(fw, fwrule, "-p", "ipv4", NULL); @@ -2078,7 +2066,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, ipaddr, sizeof(ipaddr), &rule->p.ipHdrFilter.ipHdr.dataSrcIPAddr) < = 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--ip-destination" : "--ip-sou= rce"); @@ -2089,7 +2077,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.ipHdr.dataSrcIPMask= ) < 0) - goto cleanup; + return -1; virFirewallRuleAddArgFormat(fw, fwrule, "%s/%s", ipaddr, number); } else { @@ -2102,7 +2090,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, ipaddr, sizeof(ipaddr), &rule->p.ipHdrFilter.ipHdr.dataDstIPAddr) < = 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--ip-source" : "--ip-destinat= ion"); @@ -2113,7 +2101,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.ipHdr.dataDstIPMask= ) < 0) - goto cleanup; + return -1; virFirewallRuleAddArgFormat(fw, fwrule, "%s/%s", ipaddr, number); } else { @@ -2125,7 +2113,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.ipHdr.dataProtocolID) <= 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, "--ip-protocol"); if (ENTRY_WANT_NEG_SIGN(&rule->p.ipHdrFilter.ipHdr.dataProtoco= lID)) @@ -2137,7 +2125,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.portData.dataSrcPortSta= rt) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--ip-destination-port" : "--i= p-source-port"); @@ -2148,7 +2136,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, numberalt, sizeof(numberalt), &rule->p.ipHdrFilter.portData.dataSrcPor= tEnd) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArgFormat(fw, fwrule, "%s:%s", number, numberalt); @@ -2161,7 +2149,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.portData.dataDstPortSta= rt) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--ip-source-port" : "--ip-des= tination-port"); @@ -2172,7 +2160,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, numberalt, sizeof(numberalt), &rule->p.ipHdrFilter.portData.dataDstPor= tEnd) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArgFormat(fw, fwrule, "%s:%s", number, numberalt); @@ -2185,7 +2173,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataTypeAsHex(vars, number, sizeof(number), &rule->p.ipHdrFilter.ipHdr.dataDSCP) < = 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, "--ip-tos"); if (ENTRY_WANT_NEG_SIGN(&rule->p.ipHdrFilter.ipHdr.dataDSCP)) @@ -2202,7 +2190,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, vars, &rule->p.ipv6HdrFilter.ethHdr, reverse) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArgList(fw, fwrule, "-p", "ipv6", NULL); @@ -2211,7 +2199,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, ipv6addr, sizeof(ipv6addr), &rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr) = < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--ip6-destination" : "--ip6-s= ource"); @@ -2222,7 +2210,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.ipHdr.dataSrcIPMa= sk) < 0) - goto cleanup; + return -1; virFirewallRuleAddArgFormat(fw, fwrule, "%s/%s", ipv6addr, number); } else { @@ -2235,7 +2223,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, ipv6addr, sizeof(ipv6addr), &rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr) = < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--ip6-source" : "--ip6-destin= ation"); @@ -2246,7 +2234,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.ipHdr.dataDstIPMa= sk) < 0) - goto cleanup; + return -1; virFirewallRuleAddArgFormat(fw, fwrule, "%s/%s", ipv6addr, number); } else { @@ -2258,7 +2246,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.ipHdr.dataProtocolID)= < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, "--ip6-protocol"); if (ENTRY_WANT_NEG_SIGN(&rule->p.ipv6HdrFilter.ipHdr.dataProto= colID)) @@ -2271,7 +2259,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.portData.dataSrcPortS= tart) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--ip6-destination-port" : "--= ip6-source-port"); @@ -2282,7 +2270,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, numberalt, sizeof(numberalt), &rule->p.ipv6HdrFilter.portData.dataSrcP= ortEnd) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArgFormat(fw, fwrule, "%s:%s", number, numberalt); @@ -2296,7 +2284,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.portData.dataDstPortS= tart) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArg(fw, fwrule, reverse ? "--ip6-source-port" : "--ip6-d= estination-port"); @@ -2307,7 +2295,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, numberalt, sizeof(numberalt), &rule->p.ipv6HdrFilter.portData.dataDstP= ortEnd) < 0) - goto cleanup; + return -1; =20 virFirewallRuleAddArgFormat(fw, fwrule, "%s:%s", number, numberalt); @@ -2321,7 +2309,8 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart) || HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) { bool lo =3D false; - char *r; + g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; + g_autofree char *r =3D NULL; =20 virFirewallRuleAddArg(fw, fwrule, "--ip6-icmp-type"); @@ -2330,7 +2319,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.dataICMPTypeStart= ) < 0) - goto cleanup; + return -1; lo =3D true; } else { ignore_value(virStrcpyStatic(number, "0")); @@ -2342,7 +2331,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, numberalt, sizeof(numberalt), &rule->p.ipv6HdrFilter.dataICMPTypeEnd) = < 0) - goto cleanup; + return -1; } else { if (lo) ignore_value(virStrcpyStatic(numberalt, number)); @@ -2358,7 +2347,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.dataICMPCodeStart= ) < 0) - goto cleanup; + return -1; lo =3D true; } else { ignore_value(virStrcpyStatic(number, "0")); @@ -2370,7 +2359,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, if (printDataType(vars, numberalt, sizeof(numberalt), &rule->p.ipv6HdrFilter.dataICMPCodeEnd) = < 0) - goto cleanup; + return -1; } else { if (lo) ignore_value(virStrcpyStatic(numberalt, number)); @@ -2386,8 +2375,6 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, r =3D virBufferContentAndReset(&buf); =20 virFirewallRuleAddArg(fw, fwrule, r); - - VIR_FREE(r); } break; =20 @@ -2421,11 +2408,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, #undef INST_ITEM_2PARMS #undef INST_ITEM =20 - ret =3D 0; - cleanup: - virBufferFreeAndReset(&buf); - - return ret; + return 0; } =20 =20 @@ -3301,9 +3284,8 @@ ebtablesGetSubChainInsts(virHashTablePtr chains, ebtablesSubChainInstPtr **insts, size_t *ninsts) { - virHashKeyValuePairPtr filter_names; + g_autofree virHashKeyValuePairPtr filter_names =3D NULL; size_t i; - int ret =3D -1; =20 filter_names =3D virHashGetItems(chains, ebiptablesFilterOrderSort); @@ -3311,7 +3293,7 @@ ebtablesGetSubChainInsts(virHashTablePtr chains, return -1; =20 for (i =3D 0; filter_names[i].key; i++) { - ebtablesSubChainInstPtr inst; + g_autofree ebtablesSubChainInstPtr inst =3D NULL; enum l3_proto_idx idx =3D ebtablesGetProtoIdxByFiltername( filter_names[i].key); =20 @@ -3324,18 +3306,11 @@ ebtablesGetSubChainInsts(virHashTablePtr chains, inst->protoidx =3D idx; inst->filtername =3D filter_names[i].key; =20 - if (VIR_APPEND_ELEMENT(*insts, *ninsts, inst) < 0) { - VIR_FREE(inst); - goto cleanup; - } + if (VIR_APPEND_ELEMENT(*insts, *ninsts, inst) < 0) + return -1; } =20 - ret =3D 0; - - cleanup: - VIR_FREE(filter_names); - return ret; - + return 0; } =20 static int @@ -3345,12 +3320,12 @@ ebiptablesApplyNewRules(const char *ifname, { size_t i, j; g_autoptr(virFirewall) fw =3D virFirewallNew(); - virHashTablePtr chains_in_set =3D virHashCreate(10, NULL); - virHashTablePtr chains_out_set =3D virHashCreate(10, NULL); + g_autoptr(virHashTable) chains_in_set =3D virHashCreate(10, NULL); + g_autoptr(virHashTable) chains_out_set =3D virHashCreate(10, NULL); bool haveEbtables =3D false; bool haveIptables =3D false; bool haveIp6tables =3D false; - ebtablesSubChainInstPtr *subchains =3D NULL; + g_autofree ebtablesSubChainInstPtr *subchains =3D NULL; size_t nsubchains =3D 0; int ret =3D -1; =20 @@ -3544,9 +3519,6 @@ ebiptablesApplyNewRules(const char *ifname, cleanup: for (i =3D 0; i < nsubchains; i++) VIR_FREE(subchains[i]); - VIR_FREE(subchains); - virHashFree(chains_in_set); - virHashFree(chains_out_set); =20 return ret; } diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter= _gentech_driver.c index 8ba555358d..f586c7e938 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -414,7 +414,6 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr fi= lter, virNWFilterDefPtr next_filter; virNWFilterDefPtr newNext_filter; virNWFilterVarValuePtr val; - virHashTablePtr tmpvars; =20 for (i =3D 0; i < filter->nentries; i++) { virNWFilterRuleDefPtr rule =3D filter->filterEntries[i]->rule; @@ -424,20 +423,16 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr = filter, for (j =3D 0; j < rule->nVarAccess; j++) { if (!virNWFilterVarAccessIsAvailable(rule->varAccess[j], vars)) { - char *varAccess; - virBuffer buf =3D VIR_BUFFER_INITIALIZER; + g_autofree char *varAccess =3D NULL; + g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; =20 virNWFilterVarAccessPrint(rule->varAccess[j], &buf); =20 - val =3D virNWFilterVarValueCreateSimpleCopyValue("1"); - if (!val) { - virBufferFreeAndReset(&buf); + if (!(val =3D virNWFilterVarValueCreateSimpleCopyValue= ("1"))) return -1; - } =20 varAccess =3D virBufferContentAndReset(&buf); rc =3D virHashUpdateEntry(missing_vars, varAccess, val= ); - VIR_FREE(varAccess); if (rc < 0) { virNWFilterVarValueFree(val); return -1; @@ -445,6 +440,8 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr fi= lter, } } } else if (inc) { + g_autoptr(virHashTable) tmpvars =3D NULL; + VIR_DEBUG("Following filter %s", inc->filterref); if (!(obj =3D virNWFilterObjListFindInstantiateFilter(driver->= nwfilters, inc->filte= rref))) @@ -473,9 +470,6 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr fi= lter, missing_vars, useNewFilter, driver); - - virHashFree(tmpvars); - virNWFilterObjUnlock(obj); if (rc < 0) return -1; @@ -516,7 +510,7 @@ virNWFilterDoInstantiate(virNWFilterTechDriverPtr techd= river, int rc; virNWFilterInst inst; bool instantiate =3D true; - char *buf; + g_autofree char *buf =3D NULL; virNWFilterVarValuePtr lv; const char *learning; bool reportIP =3D false; @@ -636,7 +630,6 @@ virNWFilterDoInstantiate(virNWFilterTechDriverPtr techd= river, virReportError(VIR_ERR_INTERNAL_ERROR, _("Cannot instantiate filter due to unresolvable " "variables or unavailable list elements: %s"), bu= f); - VIR_FREE(buf); } =20 rc =3D -1; diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_le= arnipaddr.c index 3bb8c27167..7bb39c3a66 100644 --- a/src/nwfilter/nwfilter_learnipaddr.c +++ b/src/nwfilter/nwfilter_learnipaddr.c @@ -396,8 +396,8 @@ learnIPAddressThread(void *arg) req->binding->portdevname); int dhcp_opts_len; char macaddr[VIR_MAC_STRING_BUFLEN]; - virBuffer buf =3D VIR_BUFFER_INITIALIZER; - char *filter =3D NULL; + g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; + g_autofree char *filter =3D NULL; uint16_t etherType; bool showError =3D true; enum howDetect howDetected =3D 0; @@ -622,8 +622,6 @@ learnIPAddressThread(void *arg) } /* while */ =20 done: - VIR_FREE(filter); - if (handle) pcap_close(handle); =20 @@ -633,7 +631,7 @@ learnIPAddressThread(void *arg) sa.len =3D sizeof(sa.data.inet4); sa.data.inet4.sin_family =3D AF_INET; sa.data.inet4.sin_addr.s_addr =3D vmaddr; - char *inetaddr; + g_autofree char *inetaddr =3D NULL; =20 /* It is necessary to unlock interface here to avoid updateMutex a= nd * interface ordering deadlocks. Otherwise we are going to @@ -656,7 +654,6 @@ learnIPAddressThread(void *arg) req->ifindex); VIR_DEBUG("Result from applying firewall rules on " "%s with IP addr %s : %d", req->binding->portdevname= , inetaddr, ret); - VIR_FREE(inetaddr); } } else { if (showError) --=20 2.25.4