>On 09/26/2017 03:54 PM, ZhiPeng Lu wrote:>> In learnIPAddressThread()the
>@inetaddr may be leaked.>> > Signed-off-by: ZhiPeng Lu
><lu.zhip...@zte.com.cn>> ---> src/nwfilter/nwfilter_learnipaddr.c | 4 +++->
>1 file changed, 3 insertions(+), 1 deletion(-)> > diff --git
>a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c>
>index cfd92d9..5dc212e 100644> --- a/src/nwfilter/nwfilter_learnipaddr.c> +++
>b/src/nwfilter/nwfilter_learnipaddr.c> @@ -625,6 +625,7 @@
>learnIPAddressThread(void *arg)> if
>(virNWFilterIPAddrMapAddIPAddr(req->ifname, inetaddr) < 0) {>>
> VIR_ERROR(_("Failed to add IP address %s to IP address ">>
> "cache for interface %s"), inetaddr, req->ifname)>> +
>VIR_FREE(inetaddr)>> }>> >> ret =
>virNWFilterInstantiateFilterLate(req->driver,>> @@ -636,7 +637,8 @@
>learnIPAddressThread(void *arg)>>
> req->filtername,>>
>req->filterparams)>> VIR_DEBUG("Result from applying firewall
>rules on ">> - "%s with IP addr %s : %d", req->ifname,
>inetaddr, ret)>> + "%s with IP addr %s : %d",
>req->ifname, NULLSTR(inetaddr), ret)> +>Still not quite right... VIR_FREE()
>only happens if>virNWFilterIPAddrMapAddIPAddr() < 0.>Not sure what the purpose
>of a VIR_FREE in the upper condition and then>NULLSTR() below would be...
>We're still calling>virNWFilterInstantiateFilterLate regardless and still want
>the VIR_DEBUG>printed.>Perhaps just a VIR_FREE() after the VIR_DEBUG would
>seem to be>sufficient since there's no escape clause. The VIR_ERROR may help
>us>understand why/if ret != 0 though... I didn't put much thought into
>that>though.
we can't free inetaddr if virNWFilterIPAddrMapAddIPAddr() ==0 because it is
used by ipAddressMap.
So i free inetaddr only if virNWFilterIPAddrMapAddIPAddr < 0.
I will add a variable to save the return value of
virNWFilterIPAddrMapAddIPAddr.
Free inetaddr if virNWFilterIPAddrMapAddIPAddr< 0 after VIR_ERROR print.
为了让您的VPlat虚拟机故障和docker故障得到高效的处理,请上报故障到: $VPlat技术支持。
芦志朋 luzhipeng
IT开发工程师 IT Development
Engineer
操作系统产品部/中心研究院/系统产品 OS Product Dept./Central R&D Institute/System Product
四川省成都市天府大道中段800号
E: lu.zhip...@zte.com.cn
www.zte.com.cn
原始邮件
发件人: <jfer...@redhat.com>
收件人:芦志朋10108272 <libvir-list@redhat.com>
日 期 :2017年09月27日 07:46
主 题 :Re: [libvirt] [PATCH v2] nwfilter: Don't leak @inetaddr
On 09/26/2017 03:54 PM, ZhiPeng Lu wrote:
> In learnIPAddressThread()the @inetaddr may be leaked.
>
> Signed-off-by: ZhiPeng Lu <lu.zhip...@zte.com.cn>
> ---
> src/nwfilter/nwfilter_learnipaddr.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/nwfilter/nwfilter_learnipaddr.c
> b/src/nwfilter/nwfilter_learnipaddr.c
> index cfd92d9..5dc212e 100644
> --- a/src/nwfilter/nwfilter_learnipaddr.c
> +++ b/src/nwfilter/nwfilter_learnipaddr.c
> @@ -625,6 +625,7 @@ learnIPAddressThread(void *arg)
> if (virNWFilterIPAddrMapAddIPAddr(req->ifname, inetaddr) < 0) {
> VIR_ERROR(_("Failed to add IP address %s to IP address "
> "cache for interface %s"), inetaddr, req->ifname)
> + VIR_FREE(inetaddr)
> }
>
> ret = virNWFilterInstantiateFilterLate(req->driver,
> @@ -636,7 +637,8 @@ learnIPAddressThread(void *arg)
> req->filtername,
> req->filterparams)
> VIR_DEBUG("Result from applying firewall rules on "
> - "%s with IP addr %s : %d", req->ifname, inetaddr, ret)
> + "%s with IP addr %s : %d", req->ifname,
> NULLSTR(inetaddr), ret)> +
Still not quite right... VIR_FREE() only happens if
virNWFilterIPAddrMapAddIPAddr() < 0.
Not sure what the purpose of a VIR_FREE in the upper condition and then
NULLSTR() below would be... We're still calling
virNWFilterInstantiateFilterLate regardless and still want the VIR_DEBUG
printed.
Perhaps just a VIR_FREE() after the VIR_DEBUG would seem to be
sufficient since there's no escape clause. The VIR_ERROR may help us
understand why/if ret != 0 though... I didn't put much thought into that
though.
John
> }
> } else {
> if (showError)
>
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list