From: Martin Kletzander <mkletzan@redhat.com>
Date: Tue, 4 Nov 2014 09:46:41 +0000 (+0100)
Subject: util: fix releasing pidfile in cleanup
X-Git-Tag: CVE-2014-7823~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f43bb832646588f57303f09fe5c7ac8ba7602d8;p=thirdparty%2Flibvirt.git

util: fix releasing pidfile in cleanup

Coverity found out the very obvious problem in the code.  That is that
virPidFileReleasePath() was called only if
virPidFileAcquirePath() returned 0.  But virPidFileAcquirePath() doesn't
return only 0 on success, but the FD that needs to be closed.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---

diff --git a/src/util/virpidfile.c b/src/util/virpidfile.c
index 098458f7eb..a77a326506 100644
--- a/src/util/virpidfile.c
+++ b/src/util/virpidfile.c
@@ -592,9 +592,8 @@ virPidFileForceCleanupPath(const char *path)
     if (virPidFileReadPath(path, &pid) < 0)
         return -1;
 
-    if (virPidFileAcquirePath(path, false, 0) == 0) {
-        virPidFileReleasePath(path, fd);
-    } else {
+    fd = virPidFileAcquirePath(path, false, 0);
+    if (fd < 0) {
         virResetLastError();
 
         /* Only kill the process if the pid is valid one.  0 means
@@ -607,5 +606,8 @@ virPidFileForceCleanupPath(const char *path)
             return -1;
     }
 
+    if (fd)
+        virPidFileReleasePath(path, fd);
+
     return 0;
 }