From ef5561a2c46c6d358f7f44a0f3417ba0d8028948 Mon Sep 17 00:00:00 2001 From: seanc Date: Thu, 11 Jul 2019 19:07:45 +0000 Subject: [PATCH] usr.sbin/bhyve: free resources if there is an initialization error in rfb Coverity CID: 1357335 Approved by: markj, jhb Differential Revision: https://reviews.freebsd.org/D20919 --- usr.sbin/bhyve/pci_fbuf.c | 11 +++++------ usr.sbin/bhyve/rfb.c | 24 ++++++++++++++++-------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/usr.sbin/bhyve/pci_fbuf.c b/usr.sbin/bhyve/pci_fbuf.c index 2669ea14d3f..beba904061f 100644 --- a/usr.sbin/bhyve/pci_fbuf.c +++ b/usr.sbin/bhyve/pci_fbuf.c @@ -231,9 +231,7 @@ pci_fbuf_parse_opts(struct pci_fbuf_softc *sc, char *opts) ret = 0; uopts = strdup(opts); - for (xopts = strtok(uopts, ","); - xopts != NULL; - xopts = strtok(NULL, ",")) { + while ((xopts = strsep(&uopts, ",")) != NULL) { if (strcmp(xopts, "wait") == 0) { sc->rfb_wait = 1; continue; @@ -260,7 +258,7 @@ pci_fbuf_parse_opts(struct pci_fbuf_softc *sc, char *opts) if (config) { if (tmpstr[0] == '[') tmpstr++; - sc->rfb_host = tmpstr; + sc->rfb_host = strdup(tmpstr); if (config[0] == ':') config++; else { @@ -276,7 +274,7 @@ pci_fbuf_parse_opts(struct pci_fbuf_softc *sc, char *opts) sc->rfb_port = atoi(tmpstr); else { sc->rfb_port = atoi(config); - sc->rfb_host = tmpstr; + sc->rfb_host = strdup(tmpstr); } } } else if (!strcmp(xopts, "vga")) { @@ -310,7 +308,7 @@ pci_fbuf_parse_opts(struct pci_fbuf_softc *sc, char *opts) } else if (sc->memregs.height == 0) sc->memregs.height = 1080; } else if (!strcmp(xopts, "password")) { - sc->rfb_password = config; + sc->rfb_password = strdup(config); } else { pci_fbuf_usage(xopts); ret = -1; @@ -319,6 +317,7 @@ pci_fbuf_parse_opts(struct pci_fbuf_softc *sc, char *opts) } done: + free(uopts); return (ret); } diff --git a/usr.sbin/bhyve/rfb.c b/usr.sbin/bhyve/rfb.c index 0a0538f80e5..18bd03bb6af 100644 --- a/usr.sbin/bhyve/rfb.c +++ b/usr.sbin/bhyve/rfb.c @@ -969,7 +969,7 @@ rfb_init(char *hostname, int port, int wait, char *password) int e; char servname[6]; struct rfb_softc *rc; - struct addrinfo *ai; + struct addrinfo *ai = NULL; struct addrinfo hints; int on = 1; #ifndef WITHOUT_CAPSICUM @@ -984,6 +984,7 @@ rfb_init(char *hostname, int port, int wait, char *password) sizeof(uint32_t)); rc->crc_width = RFB_MAX_WIDTH; rc->crc_height = RFB_MAX_HEIGHT; + rc->sfd = -1; rc->password = password; @@ -1003,28 +1004,25 @@ rfb_init(char *hostname, int port, int wait, char *password) if ((e = getaddrinfo(hostname, servname, &hints, &ai)) != 0) { fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); - return(-1); + goto error; } rc->sfd = socket(ai->ai_family, ai->ai_socktype, 0); if (rc->sfd < 0) { perror("socket"); - freeaddrinfo(ai); - return (-1); + goto error; } setsockopt(rc->sfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); if (bind(rc->sfd, ai->ai_addr, ai->ai_addrlen) < 0) { perror("bind"); - freeaddrinfo(ai); - return (-1); + goto error; } if (listen(rc->sfd, 1) < 0) { perror("listen"); - freeaddrinfo(ai); - return (-1); + goto error; } #ifndef WITHOUT_CAPSICUM @@ -1053,4 +1051,14 @@ rfb_init(char *hostname, int port, int wait, char *password) freeaddrinfo(ai); return (0); + + error: + if (ai != NULL) + freeaddrinfo(ai); + if (rc->sfd != -1) + close(rc->sfd); + free(rc->crc); + free(rc->crc_tmp); + free(rc); + return (-1); } -- 2.45.0