diff options
author | Matthew Daley <mattjd@gmail.com> | 2013-09-10 22:18:46 +1200 |
---|---|---|
committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2013-10-10 15:49:54 +0100 |
commit | 4c37ed562224295c0f8b00211287d57cae629782 (patch) | |
tree | 338d1d95bf38264cd3dfc4ed2c1274008e238b40 | |
parent | 3cd10fd21220f2b814324e6e732004f8f0487d0a (diff) | |
download | xen-4c37ed562224295c0f8b00211287d57cae629782.tar.gz xen-4c37ed562224295c0f8b00211287d57cae629782.tar.bz2 xen-4c37ed562224295c0f8b00211287d57cae629782.zip |
libxl: fix out-of-memory error handling in libxl_list_cpupool
...otherwise it will return freed memory. All the current users of this
function check already for a NULL return, so use that.
Coverity-ID: 1056194
This is CVE-2013-4371 / XSA-70
Signed-off-by: Matthew Daley <mattjd@gmail.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
-rw-r--r-- | tools/libxl/libxl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c index b6daceaf9b..29e66f27d0 100644 --- a/tools/libxl/libxl.c +++ b/tools/libxl/libxl.c @@ -654,6 +654,7 @@ libxl_cpupoolinfo * libxl_list_cpupool(libxl_ctx *ctx, int *nb_pool_out) if (!tmp) { LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "allocating cpupool info"); libxl_cpupoolinfo_list_free(ptr, i); + ptr = NULL; goto out; } ptr = tmp; |