mirror of
https://github.com/checkpoint-restore/criu
unix: fix double free on error paths
CID 1141011 (#1 of 1): Double free (USE_AFTER_FREE) 24. double_free: Calling "free(void *)" frees pointer "ue" which has already been freed. Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
committed by
Pavel Emelyanov
parent
4202acbc8f
commit
07d9e11374
@@ -311,7 +311,6 @@ dump:
|
||||
if (dump_socket_opts(lfd, skopts))
|
||||
goto err;
|
||||
|
||||
sk->ue = ue;
|
||||
/*
|
||||
* If a stream listening socket has non-zero rqueue, this
|
||||
* means there are in-flight connections waiting to get
|
||||
@@ -320,12 +319,13 @@ dump:
|
||||
*/
|
||||
if (sk->rqlen != 0 && !(sk->type == SOCK_STREAM &&
|
||||
sk->state == TCP_LISTEN))
|
||||
if (dump_sk_queue(lfd, ue->id))
|
||||
if (dump_sk_queue(lfd, id))
|
||||
goto err;
|
||||
|
||||
pr_info("Dumping unix socket at %d\n", p->fd);
|
||||
show_one_unix("Dumping", sk);
|
||||
|
||||
sk->ue = ue;
|
||||
/*
|
||||
* Postpone writing the entry if a peer isn't found yet.
|
||||
* It's required, because we may need to modify the entry.
|
||||
@@ -333,7 +333,7 @@ dump:
|
||||
* a callback, the USK_CALLBACK flag must be set.
|
||||
*/
|
||||
if (list_empty(&sk->peer_node) && write_unix_entry(sk))
|
||||
goto err;
|
||||
return -1;
|
||||
|
||||
list_del_init(&sk->list);
|
||||
sk->sd.already_dumped = 1;
|
||||
@@ -345,7 +345,7 @@ dump:
|
||||
list_del_init(&psk->peer_node);
|
||||
|
||||
if (write_unix_entry(psk))
|
||||
goto err;
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
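Review bot: The relocated `sk->ue = ue;` just above the "Postpone writing the entry" comment is now the point where ownership of `ue` leaves this function, but nothing in the code says so, and the fix only holds while no `goto err` is added after it. Judging from the two `goto err` to `return -1` replacements, `write_unix_entry()` appears to release the entry itself even when it fails, while the `err` label (outside these hunks) frees `ue` again. That contract is worth stating at the assignment, for example `/* sk owns ue from here on: write_unix_entry() releases it, so never jump to err below */`. It is also worth confirming that `write_unix_entry()` resets `sk->ue` after releasing it, since a postponed entry is written later through the peer list and a stale pointer there would bring back the same class of bug. The function body starts and ends outside the visible hunks, so the cleanup code itself could not be checked here.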