From 2c42e4c96efd390fa7a6957692a5863d30a10828 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange
Date: Fri, 29 May 2009 14:34:35 +0000
Subject: [PATCH] Avoid double-free in daemon client cleanup code

(cherry picked from commit 6c3ef350649b959215cfc5ccfdaba35bf9560066)

Fedora-patch: libvirt-0.6.2-libvirtd-double-free.patch
---
 qemud/qemud.c | 22 +++++++++++++++++-----
 1 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/qemud/qemud.c b/qemud/qemud.c
index 4f04355..e299a67 100644
--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -1397,7 +1397,10 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
 * jobs have finished, then clean it up elsehwere
 */
 void qemudDispatchClientFailure(struct qemud_client *client) {
- virEventRemoveHandleImpl(client->watch);
+ if (client->watch != -1) {
+ virEventRemoveHandleImpl(client->watch);
+ client->watch = -1;
+ }

 /* Deregister event delivery callback */
 if(client->conn) {
@@ -1406,12 +1409,21 @@ void qemudDispatchClientFailure(struct qemud_client *client) {
 }

 #if HAVE_SASL
- if (client->saslconn) sasl_dispose(&client->saslconn);
+ if (client->saslconn) {
+ sasl_dispose(&client->saslconn);
+ client->saslconn = NULL;
+ }
 free(client->saslUsername);
+ client->saslUsername = NULL;
 #endif
- if (client->tlssession) gnutls_deinit (client->tlssession);
- close(client->fd);
- client->fd = -1;
+ if (client->tlssession) {
+ gnutls_deinit (client->tlssession);
+ client->tlssession = NULL;
+ }
+ if (client->fd != -1) {
+ close(client->fd);
+ client->fd = -1;
+ }
 }


-- 
1.6.2.5
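Review bot: The new `client->watch != -1` guard in the first hunk, and the matching `client->fd != -1` guard in the second, are only correct if every path that creates a `struct qemud_client` sets both fields to -1 before this function can run; the patch does not show that initialisation. If the struct is zero-filled at allocation and setup fails early, 0 passes both guards, so event handle 0 would be removed and descriptor 0 closed for a client that never owned them. I would record the contract in the comment above the function, e.g. `* Safe to call more than once: watch and fd are reset to -1 and pointers to NULL once released, so they must start out with those values.` The function body continues past this hunk (the `if(client->conn)` block is cut off).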
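Review bot: Clearing `saslconn`, `saslUsername`, `tlssession` and `fd` after release in the second hunk prevents a double free only when calls to `qemudDispatchClientFailure` are serialised. Each `if (field) { release; field = NULL; }` is a check-then-act sequence, so two threads entering together could both pass the test before either clears the field. Neither hunk shows whether callers hold the client's lock, and the comment above the function implies jobs may still be pending, so this is worth confirming and writing down as a precondition, e.g. `* Caller must hold the client lock.` The function starts outside this hunk.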