From 6c3ef350649b959215cfc5ccfdaba35bf9560066 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 29 May 2009 14:34:35 +0000 Subject: [PATCH] Avoid double-free in daemon client cleanup code --- ChangeLog | 5 +++++ qemud/qemud.c | 22 +++++++++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e3f865cf44..4d94a9d57c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Fri May 29 15:34:30 BST 2009 Daniel P. Berrange + + * qemud/qemud.c: Set free'd variables to NULL to avoid potential + double-free() scenario when client unexpectedly closes connection + Fri May 29 15:26:30 BST 2009 Daniel P. Berrange Win32 portability fixes diff --git a/qemud/qemud.c b/qemud/qemud.c index 137556015f..783dc69927 100644 --- a/qemud/qemud.c +++ b/qemud/qemud.c @@ -1378,7 +1378,10 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket * jobs have finished, then clean it up elsehwere */ void qemudDispatchClientFailure(struct qemud_client *client) { - virEventRemoveHandleImpl(client->watch); + if (client->watch != -1) { + virEventRemoveHandleImpl(client->watch); + client->watch = -1; + } /* Deregister event delivery callback */ if(client->conn) { @@ -1387,12 +1390,21 @@ void qemudDispatchClientFailure(struct qemud_client *client) { } #if HAVE_SASL - if (client->saslconn) sasl_dispose(&client->saslconn); + if (client->saslconn) { + sasl_dispose(&client->saslconn); + client->saslconn = NULL; + } free(client->saslUsername); + client->saslUsername = NULL; #endif - if (client->tlssession) gnutls_deinit (client->tlssession); - close(client->fd); - client->fd = -1; + if (client->tlssession) { + gnutls_deinit (client->tlssession); + client->tlssession = NULL; + } + if (client->fd != -1) { + close(client->fd); + client->fd = -1; + } } -- GitLab