From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 15 Feb 2017 17:45:27 +0000 (-0700)
Subject: libxl: fix potential double free in libxlDriverGetDom0MaxmemConf
X-Git-Tag: CVE-2017-2635~101
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2dc1cf19dbaf648662fbf3c810db65ddcf5d0444;p=thirdparty%2Flibvirt.git

libxl: fix potential double free in libxlDriverGetDom0MaxmemConf

Commit 4ab0c959 fixed a memory leak in libxlDriverGetDom0MaxmemConf
but introduced a potential double free of mem_tokens

*** Error in `/usr/sbin/libvirtd': double free or corruption (out):
    0x00007fffc808cfd0 ***

Avoid double free by setting mem_tokens to NULL after calling
virStringListFree.
---

diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index f5b788b50f..4bab651b33 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1623,6 +1623,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg,
             }
         }
         virStringListFree(mem_tokens);
+        mem_tokens = NULL;
     }
 
  physmem: