libvirt/daemon
Eric Blake 34538870c7 daemon: avoid memleak when ListAll returns nothing
Commit 4f25146 (v1.2.8) managed to silence Coverity, but at the
cost of a memory leak detected by valgrind:
==24129== 40 bytes in 5 blocks are definitely lost in loss record 355 of 637
==24129==    at 0x4A08B1C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24129==    by 0x5084B8E: virReallocN (viralloc.c:245)
==24129==    by 0x514D5AA: virDomainObjListExport (domain_conf.c:22200)
==24129==    by 0x201227DB: qemuConnectListAllDomains (qemu_driver.c:18042)
==24129==    by 0x51CC1B6: virConnectListAllDomains (libvirt-domain.c:6797)
==24129==    by 0x14173D: remoteDispatchConnectListAllDomains (remote.c:1580)
==24129==    by 0x121BE1: remoteDispatchConnectListAllDomainsHelper (remote_dispatch.h:1072)

In short, every time a client calls a ListAll variant and asks
for the resulting list, but there are 0 elements to return, we
end up leaking the 1-entry array that holds the NULL terminator.

What's worse, a read-only client can access these functions in a
tight loop to cause libvirtd to eventually run out of memory; and
this can be considered a denial of service attack against more
privileged clients.  Thankfully, the leak is so small (8 bytes per
call) that you would already have some other denial of service with
any guest calling the API that frequently, so an out-of-memory
crash is unlikely enough that this did not warrant a CVE.

* daemon/remote.c (remoteDispatchConnectListAllDomains)
(remoteDispatchDomainListAllSnapshots)
(remoteDispatchDomainSnapshotListAllChildren)
(remoteDispatchConnectListAllStoragePools)
(remoteDispatchStoragePoolListAllVolumes)
(remoteDispatchConnectListAllNetworks)
(remoteDispatchConnectListAllInterfaces)
(remoteDispatchConnectListAllNodeDevices)
(remoteDispatchConnectListAllNWFilters)
(remoteDispatchConnectListAllSecrets)
(remoteDispatchNetworkGetDHCPLeases): Plug leak.

Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 3c2ff5029b)
2015-03-16 10:34:14 -06:00
..
libvirtd-config.c virconf: Introduce VIR_CONF_ULONG 2014-12-15 10:34:18 +01:00
libvirtd-config.h Remove global log buffer feature entirely 2014-03-18 14:29:22 +00:00
libvirtd.aug daemon: Introduce max_anonymous_clients 2014-03-17 17:45:13 +01:00
libvirtd.c Remove unnecessary curly brackets in daemon/ and examples/ 2014-11-14 17:13:00 +01:00
libvirtd.conf daemon: use socket activation with systemd 2014-08-22 09:12:14 +02:00
libvirtd.h qemu: wire up RPC for qemu monitor events 2014-03-20 11:25:37 -06:00
libvirtd.init.in virtlockd: improve initscripts 2013-12-10 12:02:37 +01:00
libvirtd.logrotate.in
libvirtd.lxc.logrotate.in
libvirtd.pod.in Properly handle -h / -V for --help/--version aliases in virtlockd/libvirtd 2013-08-13 14:06:01 +01:00
libvirtd.policy.in daemon: Make the default PolicyKit policy auth_admin_keep. 2012-11-01 13:17:26 +00:00
libvirtd.qemu.logrotate.in
libvirtd.sasl daemon: Fix command example in libvirtd.sasl 2013-07-09 10:01:55 -04:00
libvirtd.service.in daemon: use socket activation with systemd 2014-08-22 09:12:14 +02:00
libvirtd.socket.in daemon: use socket activation with systemd 2014-08-22 09:12:14 +02:00
libvirtd.sysconf daemon: Enhance documentation for changing NOFILE limit 2014-03-20 10:55:44 +01:00
libvirtd.sysctl
libvirtd.uml.logrotate.in
libvirtd.upstart
Makefile.am Convert remote daemon & acl code to use polkit API 2014-09-24 15:29:22 +01:00
remote.c daemon: avoid memleak when ListAll returns nothing 2015-03-16 10:34:14 -06:00
remote.h Implement the RPC protocol for the libvirt-lxc.la library 2013-01-15 18:16:53 +00:00
stream.c Replace virStreamFree with virObjectUnref 2014-12-02 11:03:41 -05:00
stream.h maint: fix up copyright notice inconsistencies 2012-09-20 16:30:55 -06:00
test_libvirtd.aug.in daemon: Introduce max_anonymous_clients 2014-03-17 17:45:13 +01:00
THREADS.txt docs: fix usage of 'onto' 2013-04-19 14:31:16 -06:00