From: Richard W.M. Jones <rjones@redhat.com>
Date: Thu, 9 Jun 2011 08:39:54 +0000 (+0100)
Subject: Coverity: Don't return freed pointers from command* along error path.
X-Git-Tag: 1.11.10~5
X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=commitdiff_plain;h=29453a58d818df24c238d0a08a68886ebe4029dd

Coverity: Don't return freed pointers from command* along error path.

If the external command failed to run, we could free up the allocated
*stdoutput and *stderror pointers, but then return those freed
pointers to the caller.  The caller usually tries to print and free
*stderror, so this is a serious error.

Instead, return *stdoutput as NULL, and *stderror pointing to a
generic error message.
---

diff --git a/daemon/guestfsd.c b/daemon/guestfsd.c
index ceadfdb..116a6b9 100644
--- a/daemon/guestfsd.c
+++ b/daemon/guestfsd.c
@@ -779,8 +779,20 @@ commandrvf (char **stdoutput, char **stderror, int flags,
 
       perror ("select");
     quit:
-      if (stdoutput) free (*stdoutput);
-      if (stderror) free (*stderror);
+      if (stdoutput) {
+        free (*stdoutput);
+        *stdoutput = NULL;
+      }
+      if (stderror) {
+        free (*stderror);
+        /* Need to return non-NULL *stderror here since most callers
+         * will try to print and then free the err string.
+         * Unfortunately recovery from strdup failure here is not
+         * possible.
+         */
+        *stderror = strdup ("error running external command, "
+                            "see debug output for details");
+      }
       close (so_fd[0]);
       close (se_fd[0]);
       waitpid (pid, NULL, 0);