From 2444c411cabf4df583c4116dd730e8583eb19c69 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Thu, 14 Apr 2011 14:03:46 +0200 Subject: [PATCH] network: Fix NULL dereference during error recovery This fixes: https://bugzilla.redhat.com/show_bug.cgi?id=696660 While starting a network, if brSetForwardDelay() fails, we go to err1 where we want to access macTapIfName variable which was just VIR_FREE'd a few lines above. Instead, keep macTapIfName until we are certain of success. --- src/network/bridge_driver.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index ea2bfd487d..97d8ce027b 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -1616,7 +1616,7 @@ networkStartNetworkDaemon(struct network_driver *driver, bool v4present = false, v6present = false; virErrorPtr save_err = NULL; virNetworkIpDefPtr ipdef; - char *macTapIfName; + char *macTapIfName = NULL; if (virNetworkObjIsActive(network)) { networkReportError(VIR_ERR_OPERATION_INVALID, @@ -1657,7 +1657,6 @@ networkStartNetworkDaemon(struct network_driver *driver, VIR_FREE(macTapIfName); goto err0; } - VIR_FREE(macTapIfName); } /* Set bridge options */ @@ -1731,6 +1730,7 @@ networkStartNetworkDaemon(struct network_driver *driver, goto err5; } + VIR_FREE(macTapIfName); VIR_INFO(_("Starting up network '%s'"), network->def->name); network->active = 1; @@ -1778,6 +1778,7 @@ networkStartNetworkDaemon(struct network_driver *driver, macTapIfName, network->def->bridge, virStrerror(err, ebuf, sizeof ebuf)); } + VIR_FREE(macTapIfName); err0: if (!save_err) -- GitLab