From 272d5a9653c4660da16253789b9561ab097859ca Mon Sep 17 00:00:00 2001
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 12 May 2010 16:52:06 +0200
Subject: [PATCH] Fix potential NULL dereference in remoteDomainMigratePrepare2

---
 src/remote/remote_driver.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 990bfceac7..80977a33bf 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -2849,17 +2849,34 @@ remoteDomainMigratePrepare2 (virConnectPtr dconn,
         goto done;
 
     if (ret.cookie.cookie_len > 0) {
+        if (!cookie || !cookielen) {
+            remoteError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("caller ignores cookie or cookielen"));
+            goto error;
+        }
         *cookie = ret.cookie.cookie_val; /* Caller frees. */
         *cookielen = ret.cookie.cookie_len;
     }
-    if (ret.uri_out)
+    if (ret.uri_out) {
+        if (!uri_out) {
+            remoteError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("caller ignores uri_out"));
+            goto error;
+        }
         *uri_out = *ret.uri_out; /* Caller frees. */
+    }
 
     rv = 0;
 
 done:
     remoteDriverUnlock(priv);
     return rv;
+error:
+    if (ret.cookie.cookie_len)
+        VIR_FREE(ret.cookie.cookie_val);
+    if (ret.uri_out)
+        VIR_FREE(*ret.uri_out);
+    goto done;
 }
 
 static virDomainPtr