mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-22 07:03:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

daemon: Don't xdr_free uninitialized args struct on error paths.

Browse Source 
For stubs of functions that had arguments, code did this:

static void
mount_stub (XDR *xdr_in)
{
  int r;
  struct guestfs_mount_args args;

  if (optargs_bitmask != 0) {
    //...
    goto done;
  }
  // possibly other tests here

  memset (&args, 0, sizeof args);

  [...]

done:
  xdr_free ((xdrproc_t) xdr_guestfs_mount_args, (char *) &args);
  return;
}

This caused xdr_free to be called on uninitialized 'args' struct,
causing a segfault.

The fix is to add another label, so the code looks like:

static void
mount_stub (XDR *xdr_in)
{
  int r;
  struct guestfs_mount_args args;

  if (optargs_bitmask != 0) {
    //...
    goto done_no_free;
  }
  // possibly other tests here

  memset (&args, 0, sizeof args);

  [...]

done:
  xdr_free ((xdrproc_t) xdr_guestfs_mount_args, (char *) &args);
done_no_free:
  return;
}

This fixes commit 330fbea5b2
and commit 0344248af5.
This commit is contained in:
Richard W.M. Jones
2012-02-13 08:58:04 +00:00
parent c8a11468c4
commit ba443ae048
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
generator/generator_daemon.ml
View File

@@ -136,7 +136,7 @@ and generate_daemon_actions () =
pr " \"build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for\\n\"\n";
pr " \"how to check for the availability of features.\",\n";
pr " \"%s\");\n" group;
pr " goto done;\n";
pr " goto done_no_free;\n";
pr " }\n";
pr "\n"
| _ -> ()
@@ -154,14 +154,14 @@ and generate_daemon_actions () =
if is_filein then
pr " cancel_receive ();\n";
pr " reply_with_error (\"unknown option in optional arguments bitmask (this can happen if a program is compiled against a newer version of libguestfs, then run against an older version of the daemon)\");\n";
pr " goto done;\n";
pr " goto done_no_free;\n";
pr " }\n";
) else (
pr " if (optargs_bitmask != 0) {\n";
if is_filein then
pr " cancel_receive ();\n";
pr " reply_with_error (\"header optargs_bitmask field must be passed as 0 for calls that don't take optional arguments\");\n";
pr " goto done;\n";
pr " goto done_no_free;\n";
pr " }\n";
);
pr "\n";
@@ -339,6 +339,7 @@ and generate_daemon_actions () =
pr " xdr_free ((xdrproc_t) xdr_guestfs_%s_args, (char *) &args);\n"
name
);
pr "done_no_free:\n";
pr " return;\n";
pr "}\n\n";
) daemon_functions;