_dbus_listen_tcp_socket: avoid leaking listen_fd in unlikely circumstances

If getaddrinfo (with port == 0) succeeds, the kernel gives us a port when
we first listen on a socket, we jump back to redo_lookup_with_port,
and getaddrinfo (with the nonzero port) fails, we leak listen_fd and all
the fds in it.

From the department of "without static analysis we'd never have spotted
this", or possibly "backward goto considered harmful".

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=29881
Bug-NB: NB#180486 CID-2389
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>

diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
index f51f6fc..98667f2 100644 (file)
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@@ -1331,13 +1331,14 @@ _dbus_listen_tcp_socket (const char     *host,
   hints.ai_flags = AI_ADDRCONFIG | AI_PASSIVE;
 
  redo_lookup_with_port:
+  ai = NULL;
   if ((res = getaddrinfo(host, port, &hints, &ai)) != 0 || !ai)
     {
       dbus_set_error (error,
                       _dbus_error_from_errno (errno),
                       "Failed to lookup host/port: \"%s:%s\": %s (%d)",
                       host ? host : "*", port, gai_strerror(res), res);
-      return -1;
+      goto failed;
     }
 
   tmp = ai;