From nobody Sun Nov 2 01:11:11 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1508491826537195.34985655081482; Fri, 20 Oct 2017 02:30:26 -0700 (PDT) Received: from localhost ([::1]:52790 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e5TdE-0000Wu-Sm for importer@patchew.org; Fri, 20 Oct 2017 05:30:20 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56227) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e5Tbo-00080n-Jx for qemu-devel@nongnu.org; Fri, 20 Oct 2017 05:28:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e5Tbl-0000Ft-BY for qemu-devel@nongnu.org; Fri, 20 Oct 2017 05:28:52 -0400 Received: from mx1.redhat.com ([209.132.183.28]:56384) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e5Tbl-0000F0-3I for qemu-devel@nongnu.org; Fri, 20 Oct 2017 05:28:49 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 22CCD4792 for ; Fri, 20 Oct 2017 09:28:48 +0000 (UTC) Received: from t460.redhat.com (unknown [10.33.36.102]) by smtp.corp.redhat.com (Postfix) with ESMTP id D76F0614C5; Fri, 20 Oct 2017 09:28:46 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 22CCD4792 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=berrange@redhat.com From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Fri, 20 Oct 2017 10:28:44 +0100 Message-Id: <20171020092844.13880-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Fri, 20 Oct 2017 09:28:48 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH] sockets: avoid leak of listen file descriptor X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paolo Bonzini Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" If we iterate over the full port range without successfully binding+listeni= ng on the socket, we'll try the next address, whereupon we overwrite the slist= en file descriptor variable without closing it. Rather than having two places where we open + close socket FDs on different iterations of nested for loops, re-arrange the code to always open+close within the same loop iteration. Signed-off-by: Daniel P. Berrange --- util/qemu-sockets.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c index b47fb45885..a319338cca 100644 --- a/util/qemu-sockets.c +++ b/util/qemu-sockets.c @@ -207,7 +207,7 @@ static int inet_listen_saddr(InetSocketAddress *saddr, char uaddr[INET6_ADDRSTRLEN+1]; char uport[33]; int rc, port_min, port_max, p; - int slisten =3D 0; + int slisten =3D -1; int saved_errno =3D 0; bool socket_created =3D false; Error *err =3D NULL; @@ -267,16 +267,28 @@ static int inet_listen_saddr(InetSocketAddress *saddr, uaddr,INET6_ADDRSTRLEN,uport,32, NI_NUMERICHOST | NI_NUMERICSERV); =20 - slisten =3D create_fast_reuse_socket(e); - if (slisten < 0) { - continue; - } - socket_created =3D true; port_min =3D inet_getport(e); port_max =3D saddr->has_to ? saddr->to + port_offset : port_min; for (p =3D port_min; p <=3D port_max; p++) { inet_setport(e, p); + + slisten =3D create_fast_reuse_socket(e); + if (slisten < 0) { + /* First time we expect we might fail to create the socket + * eg if 'e' has AF_INET6 but ipv6 kmod is not loaded. + * Later iterations should always succeeed if first iterat= ion + * worked though, so treat that as fatal. + */ + if (p =3D=3D port_min) { + continue; + } else { + error_setg_errno(errp, errno, + "Failed to recreate failed listening = socket"); + goto listen_failed; + } + } + rc =3D try_bind(slisten, saddr, e); if (rc) { if (errno =3D=3D EADDRINUSE) { @@ -299,12 +311,7 @@ static int inet_listen_saddr(InetSocketAddress *saddr, * socket to allow bind attempts for subsequent ports: */ closesocket(slisten); - slisten =3D create_fast_reuse_socket(e); - if (slisten < 0) { - error_setg_errno(errp, errno, - "Failed to recreate failed listening sock= et"); - goto listen_failed; - } + slisten =3D -1; } } error_setg_errno(errp, errno, --=20 2.13.6