External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-31 14:07:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

net: leaseshelper: Refactor copying of old entries to avoid double free

Browse Source 
When copying entries from the old lease file into the new array the old
code would copy the pointer of the json object into the second array
without removing it from the first. Afterwards when both arrays were
freed this might lead to a crash due to access of already freed memory.

Refactor the code to use the new array item stealing helper added to the
json code so that the entry resides just in one array.
This commit is contained in:
Peter Krempa 2014-06-16 17:18:07 +02:00
parent 45d51681ce
commit 0657ed2a5c
1 changed files with 47 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
src/network/leaseshelper.c
View File

@ -116,7 +116,6 @@ main(int argc, char **argv)
long long currtime = 0;
long long expirytime = 0;
size_t i = 0;
int size = 0;
int action = -1;
int pid_file_fd = -1;
int rv = EXIT_FAILURE;
@ -270,20 +269,6 @@ main(int argc, char **argv)
virLeaseActionTypeToString(action));
exit(EXIT_FAILURE);
}
/* Check for previous leases */
if (custom_lease_file_len) {
if (!(leases_array = virJSONValueFromString(lease_entries))) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("invalid json in file: %s, rewriting it"),
custom_lease_file);
} else {
if ((size = virJSONValueArraySize(leases_array)) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("couldn't fetch array of leases"));
goto cleanup;
}
}
}
if (!(leases_array_new = virJSONValueNewArray())) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -293,36 +278,58 @@ main(int argc, char **argv)
currtime = (long long) time(NULL);
for (i = 0; i < size; i++) {
const char *ip_tmp = NULL;
long long expirytime_tmp = -1;
/* Check for previous leases */
if (custom_lease_file_len) {
if (!(leases_array = virJSONValueFromString(lease_entries))) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("invalid json in file: %s, rewriting it"),
custom_lease_file);
} else {
if (!virJSONValueIsArray(leases_array)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("couldn't fetch array of leases"));
goto cleanup;
}
if (!(lease_tmp = virJSONValueArrayGet(leases_array, i))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to parse json"));
goto cleanup;
}
i = 0;
while (i < virJSONValueArraySize(leases_array)) {
const char *ip_tmp = NULL;
long long expirytime_tmp = -1;
if (!(ip_tmp = virJSONValueObjectGetString(lease_tmp, "ip-address")) ||
(virJSONValueObjectGetNumberLong(lease_tmp, "expiry-time", &expirytime_tmp) < 0)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to parse json"));
goto cleanup;
}
if (!(lease_tmp = virJSONValueArrayGet(leases_array, i))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to parse json"));
goto cleanup;
}
/* Check whether lease has expired or not */
if (expirytime_tmp < currtime)
continue;
if (!(ip_tmp = virJSONValueObjectGetString(lease_tmp, "ip-address")) ||
(virJSONValueObjectGetNumberLong(lease_tmp, "expiry-time", &expirytime_tmp) < 0)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to parse json"));
goto cleanup;
}
/* Check whether lease has to be included or not */
if (delete && STREQ(ip_tmp, ip))
continue;
/* Check whether lease has expired or not */
if (expirytime_tmp < currtime) {
i++;
continue;
}
/* Add old lease to new array */
if (virJSONValueArrayAppend(leases_array_new, lease_tmp) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to create json"));
goto cleanup;
/* Check whether lease has to be included or not */
if (delete && STREQ(ip_tmp, ip)) {
i++;
continue;
}
/* Move old lease to new array */
if (virJSONValueArrayAppend(leases_array_new, lease_tmp) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to create json"));
goto cleanup;
}
ignore_value(virJSONValueArraySteal(leases_array, i));
}
}
}