Re: [Qemu-devel] [PATCH] l2tpv3: fix possible double free
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] l2tpv3: fix possible double free
Date: Fri, 14 Nov 2014 09:45:36 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

On 14/11/2014 02:39, zhanghailiang wrote:
> freeaddrinfo(result) does not assign result = NULL after freeing it.
> There will be a double free when it goes to the error case.
> It is reported by Coverity.
>
> Signed-off-by: zhanghailiang <address@hidden>
> ---
> net/l2tpv3.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
> index 528d95b..f9e0c98 100644
> --- a/net/l2tpv3.c
> +++ b/net/l2tpv3.c
> @@ -661,6 +661,7 @@ int net_init_l2tpv3(const NetClientOptions *opts,
> fd = -errno;
> error_report("l2tpv3_open : socket creation failed, errno = %d",
> -fd);
> freeaddrinfo(result);
> + result = NULL;
You can just remove the call to freeaddrinfo(). I made the change and
applied the patch.
Paolo
> goto outerr;
> }
> if (bind(fd, (struct sockaddr *) result->ai_addr, result->ai_addrlen)) {
>
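Review bot: The added `result = NULL;` after `freeaddrinfo(result);` keeps two release sites for `result` in the socket-creation failure branch, and it is only safe if the code at `outerr` checks the pointer before freeing it, which this hunk does not show. Since the commit message says the error path frees `result` again, dropping the `freeaddrinfo(result);` call in this branch and letting `outerr` own the release is the smaller change and leaves nothing to keep in sync. The `bind()` call that follows dereferences `result->ai_addr` and `result->ai_addrlen`, so any other early exit added between here and the last use of `result` should follow the same single-owner pattern rather than freeing locally.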