From: John Ferlan <jferlan@redhat.com>
Date: Fri, 10 Feb 2017 11:54:56 +0000 (-0500)
Subject: libxl: Resolve possible resource leak in dom0 maximum memory setting
X-Git-Tag: CVE-2017-2635~123
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ab0c959e936de7fa2752160ff532913740d4da9;p=thirdparty%2Flibvirt.git

libxl: Resolve possible resource leak in dom0 maximum memory setting

If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
is hit, control goes back to the outer loop processing 'cmd_tokens' and
it's possible that the 'mem_tokens' would be overwritten.

Found by Coverity
---

diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 6ce2e0aadc..f5b788b50f 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1622,6 +1622,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg,
                 goto cleanup;
             }
         }
+        virStringListFree(mem_tokens);
     }
 
  physmem: