From 989a569c9c9da0fbf89aab7f292669366b2503f1 Mon Sep 17 00:00:00 2001
Message-Id: <989a569c9c9da0fbf89aab7f292669366b2503f1@dist-git>
From: Michal Privoznik
Date: Wed, 30 Nov 2022 14:53:21 +0100
Subject: [PATCH] node_device_conf: Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The virNodeDeviceGetPCIVPDDynamicCap() function is called from virNodeDeviceGetPCIDynamicCaps() and therefore has to be a wee bit more clever about adding VPD capability. Namely, it has to remove the old one before adding a new one. This is how other functions called from virNodeDeviceGetPCIDynamicCaps() behave as well.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2143235
Signed-off-by: Michal Privoznik
Reviewed-by: Peter Krempa
(cherry picked from commit 64d32118540aca3d42bc5ee21c8b780cafe04bfa)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-2700
Signed-off-by: Ján Tomko
---
 src/conf/node_device_conf.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/conf/node_device_conf.c b/src/conf/node_device_conf.c
index 16b9497faf..eee94a3900 100644
--- a/src/conf/node_device_conf.c
+++ b/src/conf/node_device_conf.c
@@ -3100,6 +3100,9 @@ virNodeDeviceGetPCIVPDDynamicCap(virNodeDevCapPCIDev *devCapPCIDev)
 virPCIDeviceAddress devAddr;
 g_autoptr(virPCIVPDResource) res = NULL;

+ g_clear_pointer(&devCapPCIDev->vpd, virPCIVPDResourceFree);
+ devCapPCIDev->flags &= ~VIR_NODE_DEV_CAP_FLAG_PCI_VPD;
+
 devAddr.domain = devCapPCIDev->domain;
 devAddr.bus = devCapPCIDev->bus;
 devAddr.slot = devCapPCIDev->slot;
@@ -3113,8 +3116,6 @@ virNodeDeviceGetPCIVPDDynamicCap(virNodeDevCapPCIDev *devCapPCIDev)
 if ((res = virPCIDeviceGetVPD(pciDev))) {
 devCapPCIDev->flags |= VIR_NODE_DEV_CAP_FLAG_PCI_VPD;
 devCapPCIDev->vpd = g_steal_pointer(&res);
- } else {
- virPCIVPDResourceFree(g_steal_pointer(&devCapPCIDev->vpd));
 }
 }
 return 0;
--
2.40.1
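Review bot: The reset added at the top of virNodeDeviceGetPCIVPDDynamicCap() (first hunk) carries no comment explaining why it must run before anything else, yet the leak fix depends entirely on that ordering. I would add `/* Called on every virNodeDeviceGetPCIDynamicCaps() refresh: free the previous VPD and clear the flag first, otherwise the old resource leaks when a new one is stored. */` above the `g_clear_pointer(&devCapPCIDev->vpd, virPCIVPDResourceFree);` line. Because the reset is unconditional, any early exit between the two hunks (those lines are not visible here) now leaves the device with `vpd == NULL` and `VIR_NODE_DEV_CAP_FLAG_PCI_VPD` cleared instead of the previous data; that looks intended and matches the sibling functions the commit message mentions, but it is worth confirming that no caller reads `vpd` without checking the flag. The function body starts and ends outside the hunk. Since the patch is tracked under the CVE bug linked in the description, a test that refreshes the same device's capabilities repeatedly under a leak checker would guard against a regression.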