Merge pull request #2394 from 2xsec/coverity

src/lxc/criu.c

@@ -868,14 +868,14 @@ static bool criu_ok(struct lxc_container *c, char **criu_version)
 {
 	struct lxc_list *it;
 
-	if (!criu_version_ok(criu_version))
-		return false;
-
 	if (geteuid()) {
 		ERROR("Must be root to checkpoint");
 		return false;
 	}
 
+	if (!criu_version_ok(criu_version))
+		return false;
+
 	/* We only know how to restore containers with veth networks. */
 	lxc_list_for_each(it, &c->lxc_conf->network) {
 		struct lxc_netdev *n = it->elem;
@@ -887,6 +887,10 @@ static bool criu_ok(struct lxc_container *c, char **criu_version)
 			break;
 		default:
 			ERROR("Found un-dumpable network: %s (%s)", lxc_net_type_to_str(n->type), n->name);
+			if (criu_version) {
+				free(*criu_version);
+				*criu_version = NULL;
+			}
 			return false;
 		}
 	}
@@ -1239,6 +1243,7 @@ static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *op
 	ret = pipe(criuout);
 	if (ret < 0) {
 		SYSERROR("pipe() failed");
+		free(criu_version);
 		return false;
 	}
 
@@ -1299,6 +1304,7 @@ static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *op
 		if (w == -1) {
 			SYSERROR("waitpid");
 			close(criuout[0]);
+			free(criu_version);
 			return false;
 		}
 
@@ -1327,6 +1333,8 @@ static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *op
 
 		if (!ret)
 			ERROR("criu output: %s", buf);
+
+		free(criu_version);
 		return ret;
 	}
 fail:
@@ -1366,9 +1374,6 @@ bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts)
 	int pipefd[2];
 	char *criu_version = NULL;
 
-	if (!criu_ok(c, &criu_version))
-		return false;
-
 	if (geteuid()) {
 		ERROR("Must be root to restore");
 		return false;
@@ -1379,10 +1384,17 @@ bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts)
 		return false;
 	}
 
+	if (!criu_ok(c, &criu_version)) {
+		close(pipefd[0]);
+		close(pipefd[1]);
+		return false;
+	}
+
 	pid = fork();
 	if (pid < 0) {
 		close(pipefd[0]);
 		close(pipefd[1]);
+		free(criu_version);
 		return false;
 	}
 
@@ -1393,6 +1405,7 @@ bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts)
 	}
 
 	close(pipefd[1]);
+	free(criu_version);
 
 	nread = read(pipefd[0], &status, sizeof(status));
 	close(pipefd[0]);

src/lxc/lxccontainer.c

@@ -1384,7 +1384,7 @@ static bool create_run_template(struct lxc_container *c, char *tpath,
 				ret = mount(src, bdev->dest, "bind", MS_BIND | MS_REC, NULL);
 				if (ret < 0) {
 					ERROR("Failed to mount rootfs");
-					return -1;
+					_exit(EXIT_FAILURE);
 				}
 			} else {
 				ret = bdev->ops->mount(bdev);

src/lxc/monitor.c

@@ -216,18 +216,11 @@ int lxc_monitor_open(const char *lxcpath)
 	if (lxc_monitor_sock_name(lxcpath, &addr) < 0)
 		return -1;
 
-	fd = socket(PF_UNIX, SOCK_STREAM, 0);
-	if (fd < 0) {
-		ERROR("Failed to create socket: %s.", strerror(errno));
-		return -1;
-	}
-
 	len = strlen(&addr.sun_path[1]);
 	DEBUG("opening monitor socket %s with len %zu", &addr.sun_path[1], len);
 	if (len >= sizeof(addr.sun_path) - 1) {
 		errno = ENAMETOOLONG;
 		ERROR("name of monitor socket too long (%zu bytes): %s", len, strerror(errno));
-		close(fd);
 		return -1;
 	}
 

src/lxc/tools/lxc_monitor.c

@@ -342,16 +342,9 @@ static int lxc_monitor_open(const char *lxcpath)
 	if (lxc_monitor_sock_name(lxcpath, &addr) < 0)
 		return -1;
 
-	fd = socket(PF_UNIX, SOCK_STREAM, 0);
-	if (fd < 0) {
-		fprintf(stderr, "Failed to create socket: %s\n", strerror(errno));
-		return -errno;
-	}
-
 	len = strlen(&addr.sun_path[1]);
 	if (len >= sizeof(addr.sun_path) - 1) {
 		errno = ENAMETOOLONG;
-		close(fd);
 		fprintf(stderr, "name of monitor socket too long (%zu bytes): %s\n", len, strerror(errno));
 		return -errno;
 	}