Correctly free nd structure

When we "free" a NICInfo structure, we can leak pointers, since we don't do
much more than setting used = 0.

We free() the model parameter, but we don't set it to NULL. This means that
a new user of this structure will see garbage in there. It was not noticed
before because reusing a NICInfo is not that common, but it can be, for
users of device pci hotplug.

A user hit it, described at https://bugzilla.redhat.com/show_bug.cgi?id=524022

This patch memset's the whole structure, guaranteeing that anyone reusing it
will see a fresh NICinfo. Also, we free some other strings that are currently
leaking.

This codebase is quite old, so this patch should feed all stable trees.

Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

diff --git a/net.c b/net.c
index 2686f78..bcc5176 100644 (file)
--- a/net.c
+++ b/net.c
@@ -2803,8 +2803,13 @@ void net_client_uninit(NICInfo *nd)
 {
     nd->vlan->nb_guest_devs--;
     nb_nics--;
-    nd->used = 0;
-    free((void *)nd->model);
+
+    qemu_free((void *)nd->model);
+    qemu_free((void *)nd->name);
+    qemu_free((void *)nd->devaddr);
+    qemu_free((void *)nd->id);
+
+    memset(nd, 0, sizeof(*nd));
 }
 
 static int net_host_check_device(const char *device)