From dac697e8d7d6d9a607e61caeeec06b259edf513f Mon Sep 17 00:00:00 2001 From: Laine Stump Date: Thu, 15 Aug 2019 21:52:28 -0400 Subject: [PATCH] network: fix crash during cleanup from failure to allocate port During networkPortCreateXML, if networkAllocatePort() failed, networkReleasePort() would be called, which would (in the case of network pools of macvtap passthrough devices) attempt to find the allocated device by comparing port->plug.direct.linkdev to each device in the pool. Since port->plug.direct.linkdev was still NULL, the attempted strcmp would result in a SEGV. Calling networkReleasePort() during error cleanup is something that should only be done if networkAllocatePort() has already succeeded. It turns out there is one other possible error exit from networkPortCreateXML() that happens after networkAllocatePort() has succeeded, so the code to call networkReleasePort() was just moved down to there. Resolves: https://bugzilla.redhat.com/1741390 Signed-off-by: Laine Stump Reviewed-by: Michal Privoznik --- src/network/bridge_driver.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 1a5d08a00d..dae1def8de 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -5592,17 +5592,17 @@ networkPortCreateXML(virNetworkPtr net, rc = networkNotifyPort(obj, portdef); else rc = networkAllocatePort(obj, portdef); - if (rc < 0) { - virErrorPtr saved; - saved = virSaveLastError(); - ignore_value(networkReleasePort(obj, portdef)); - virSetError(saved); - virFreeError(saved); + if (rc < 0) goto cleanup; - } if (virNetworkObjAddPort(obj, portdef, driver->stateDir) < 0) { + virErrorPtr saved; + + saved = virSaveLastError(); + ignore_value(networkReleasePort(obj, portdef)); virNetworkPortDefFree(portdef); + virSetError(saved); + virFreeError(saved); goto cleanup; }