From: Ben Gray Date: Sat, 23 Apr 2016 22:38:21 +0000 (-0400) Subject: rpc: Don't leak fd via CreateXMLWithFiles X-Git-Tag: v1.3.3.1~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d4a0b0084b56b02b3bf4805a68c3462984f6647;p=thirdparty%2Flibvirt.git rpc: Don't leak fd via CreateXMLWithFiles FD passing APIs like CreateXMLWithFiles or OpenGraphicsFD will leak file descriptors. The user passes in an fd, which is dup()'d in virNetClientProgramCall. The new fd is what is transfered to the server virNetClientIOWriteMessage. Once all the fds have been written though, the parent msg->fds list is immediately free'd, so the individual fds are never closed. This closes each FD as its send to the server, so all fds have been closed by the time msg->fds is free'd. https://bugzilla.redhat.com/show_bug.cgi?id=1159766 (cherry picked from commit 5ba48584fbc5079c0ddbc9e9a52c96d7bcef0761) --- diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index c68da6da28..c47284c3b8 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -1184,6 +1184,7 @@ virNetClientIOWriteMessage(virNetClientPtr client, if (rv == 0) /* Blocking */ return 0; thecall->msg->donefds++; + VIR_FORCE_CLOSE(thecall->msg->fds[i]); } thecall->msg->donefds = 0; thecall->msg->bufferOffset = thecall->msg->bufferLength = 0;