fdstream: avoid double close bug

Wen Congyang reported that we have a double-close bug if we fail
virFDStreamOpenInternal, since childfd duplicated one of the fds[]
array contents.  In truth, since we always transfer both members
of fds to other variables, we should close the fds through those
other names, and just use fds[] for pipe().

Bug present since 0.9.0 (commit e886237a).

* src/fdstream.c (virFDStreamOpenFileInternal): Swap scope of
childfd and fds[], to avoid a double close.

diff --git a/src/fdstream.c b/src/fdstream.c
index fca0f412d63250e406ea55f18624a5ebb9997189..a4b41c051c29fb8748b7e5c56a408dca7d2dd6d4 100644 (file)
--- a/src/fdstream.c
+++ b/src/fdstream.c
@@ -577,7 +577,7 @@ virFDStreamOpenFileInternal(virStreamPtr st,
                             int mode)
 {
     int fd = -1;
-    int fds[2] = { -1, -1 };
+    int childfd = -1;
     struct stat sb;
     virCommandPtr cmd = NULL;
     int errfd = -1;
@@ -619,7 +619,7 @@ virFDStreamOpenFileInternal(virStreamPtr st,
     if ((st->flags & VIR_STREAM_NONBLOCK) &&
         (!S_ISCHR(sb.st_mode) &&
          !S_ISFIFO(sb.st_mode))) {
-        int childfd;
+        int fds[2] = { -1, -1 };
 
         if ((oflags & O_ACCMODE) == O_RDWR) {
             streamsReportError(VIR_ERR_INTERNAL_ERROR,
@@ -665,9 +665,8 @@ virFDStreamOpenFileInternal(virStreamPtr st,
 
 error:
     virCommandFree(cmd);
-    VIR_FORCE_CLOSE(fds[0]);
-    VIR_FORCE_CLOSE(fds[1]);
     VIR_FORCE_CLOSE(fd);
+    VIR_FORCE_CLOSE(childfd);
     VIR_FORCE_CLOSE(errfd);
     if (oflags & O_CREAT)
         unlink(path);