]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 727cda9)
Fix memory leaks in libvirtd's message processing
authorMatthias Bolte <matthias.bolte@googlemail.com>
Wed, 30 Sep 2009 00:17:27 +0000 (02:17 +0200)
committerMatthias Bolte <matthias.bolte@googlemail.com>
Wed, 30 Sep 2009 00:27:00 +0000 (02:27 +0200)
Commit 47cab734995fa9521b1df05d37e9978eedd8d3a2 changed the way how
qemud_client_message objects were reused. Before this commit
remoteDispatchClientRequest() reused the received message for normal responses
and to report non-fatal errors. If a fatal error occurred qemudWorker() frees
the message. After this commit non-fatal errors are reported by
remoteSerializeReplyError() using a new qemud_client_message object and the
original message leaks.

To fix this leak the original message has to be freed if
remoteSerializeReplyError() succeeds. If remoteSerializeReplyError()
fails the original message is freed in qemudWorker().

* daemon/dispatch.c: free qemud_client_message objects that will not be reused
  and would leak otherwise, also free the allocated qemud_client_message object
  in remoteSerializeError() if an error occurs

daemon/dispatch.c patch | blob | blame | history

diff --git a/daemon/dispatch.c b/daemon/dispatch.c
index 7417001e1422b4cf192372f48b7b12bde0ed7ea1..e9fe260168d9bb1aee8037527a6dbea4f4a9d985 100644 (file)
--- a/daemon/dispatch.c
+++ b/daemon/dispatch.c
@@ -195,6 +195,7 @@ remoteSerializeError(struct qemud_client *client,
 
 xdr_error:
     xdr_destroy(&xdr);
+    VIR_FREE(msg);
 fatal_error:
     xdr_free((xdrproc_t)xdr_remote_error,  (char *)rerr);
     return -1;
@@ -359,6 +360,7 @@ remoteDispatchClientRequest (struct qemud_server *server,
                              struct qemud_client *client,
                              struct qemud_client_message *msg)
 {
+    int ret;
     remote_error rerr;
 
     DEBUG("prog=%d ver=%d type=%d satus=%d serial=%d proc=%d",
@@ -404,7 +406,12 @@ remoteDispatchClientRequest (struct qemud_server *server,
     return 0;
 
 error:
-    return remoteSerializeReplyError(client, &rerr, &msg->hdr);
+    ret = remoteSerializeReplyError(client, &rerr, &msg->hdr);
+
+    if (ret >= 0)
+        VIR_FREE(msg);
+
+    return ret;
 }
 
 
@@ -561,8 +568,12 @@ remoteDispatchClientCall (struct qemud_server *server,
 rpc_error:
     /* Semi-bad stuff happened, we can still try to send back
      * an RPC error message to client */
-    return remoteSerializeReplyError(client, &rerr, &msg->hdr);
+    rv = remoteSerializeReplyError(client, &rerr, &msg->hdr);
+
+    if (rv >= 0)
+        VIR_FREE(msg);
 
+    return rv;
 
 xdr_error:
     /* Seriously bad stuff happened, so we'll kill off this client
Unnamed repository; edit this file 'description' to name the repository.