commit c424e5f3d24f76e01242d15ba361dc6234706fed

Author: Frank Ch. Eigler <fche@redhat.com>

Date:   Thu Nov 3 10:07:31 2022 -0400

    debuginfod.cxx: fix coverity-found use-after-release error

    The debuginfod_client object lifetime needs more careful handling,

    made easier with the defer_dtor<> gadget.

    Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx

index f46da6ef..02a11477 100644

--- a/debuginfod/debuginfod.cxx

+++ b/debuginfod/debuginfod.cxx

@@ -2249,85 +2249,82 @@ handle_buildid (MHD_Connection* conn,

   int fd = -1;

   debuginfod_client *client = debuginfod_pool_begin ();

-  if (client != NULL)

-    {

-      debuginfod_set_progressfn (client, & debuginfod_find_progress);

+  if (client == NULL)

+    throw libc_exception(errno, "debuginfod client pool alloc");

+  defer_dtor<debuginfod_client*,void> client_closer (client, debuginfod_pool_end);

+  

+  debuginfod_set_progressfn (client, & debuginfod_find_progress);

-      if (conn)

-        {

-          // Transcribe incoming User-Agent:

-          string ua = MHD_lookup_connection_value (conn, MHD_HEADER_KIND, "User-Agent") ?: "";

-          string ua_complete = string("User-Agent: ") + ua;

-          debuginfod_add_http_header (client, ua_complete.c_str());

-

-          // Compute larger XFF:, for avoiding info loss during

-          // federation, and for future cyclicity detection.

-          string xff = MHD_lookup_connection_value (conn, MHD_HEADER_KIND, "X-Forwarded-For") ?: "";

-          if (xff != "")

-            xff += string(", "); // comma separated list

-

-          unsigned int xff_count = 0;

-          for (auto&& i : xff){

-            if (i == ',') xff_count++;

-          }

+  if (conn)

+    {

+      // Transcribe incoming User-Agent:

+      string ua = MHD_lookup_connection_value (conn, MHD_HEADER_KIND, "User-Agent") ?: "";

+      string ua_complete = string("User-Agent: ") + ua;

+      debuginfod_add_http_header (client, ua_complete.c_str());

+      

+      // Compute larger XFF:, for avoiding info loss during

+      // federation, and for future cyclicity detection.

+      string xff = MHD_lookup_connection_value (conn, MHD_HEADER_KIND, "X-Forwarded-For") ?: "";

+      if (xff != "")

+        xff += string(", "); // comma separated list

+      

+      unsigned int xff_count = 0;

+      for (auto&& i : xff){

+        if (i == ',') xff_count++;

+      }

-          // if X-Forwarded-For: exceeds N hops,

-          // do not delegate a local lookup miss to upstream debuginfods.

-          if (xff_count >= forwarded_ttl_limit)

-            throw reportable_exception(MHD_HTTP_NOT_FOUND, "not found, --forwared-ttl-limit reached \

+      // if X-Forwarded-For: exceeds N hops,

+      // do not delegate a local lookup miss to upstream debuginfods.

+      if (xff_count >= forwarded_ttl_limit)

+        throw reportable_exception(MHD_HTTP_NOT_FOUND, "not found, --forwared-ttl-limit reached \

 and will not query the upstream servers");

-          // Compute the client's numeric IP address only - so can't merge with conninfo()

-          const union MHD_ConnectionInfo *u = MHD_get_connection_info (conn,

-                                                                       MHD_CONNECTION_INFO_CLIENT_ADDRESS);

-          struct sockaddr *so = u ? u->client_addr : 0;

-          char hostname[256] = ""; // RFC1035

-          if (so && so->sa_family == AF_INET) {

-            (void) getnameinfo (so, sizeof (struct sockaddr_in), hostname, sizeof (hostname), NULL, 0,

-                                NI_NUMERICHOST);

-          } else if (so && so->sa_family == AF_INET6) {

-            struct sockaddr_in6* addr6 = (struct sockaddr_in6*) so;

-            if (IN6_IS_ADDR_V4MAPPED(&addr6->sin6_addr)) {

-              struct sockaddr_in addr4;

-              memset (&addr4, 0, sizeof(addr4));

-              addr4.sin_family = AF_INET;

-              addr4.sin_port = addr6->sin6_port;

-              memcpy (&addr4.sin_addr.s_addr, addr6->sin6_addr.s6_addr+12, sizeof(addr4.sin_addr.s_addr));

-              (void) getnameinfo ((struct sockaddr*) &addr4, sizeof (addr4),

-                                  hostname, sizeof (hostname), NULL, 0,

-                                  NI_NUMERICHOST);

-            } else {

-              (void) getnameinfo (so, sizeof (struct sockaddr_in6), hostname, sizeof (hostname), NULL, 0,

-                                  NI_NUMERICHOST);

-            }

-          }

-          

-          string xff_complete = string("X-Forwarded-For: ")+xff+string(hostname);

-          debuginfod_add_http_header (client, xff_complete.c_str());

+      // Compute the client's numeric IP address only - so can't merge with conninfo()

+      const union MHD_ConnectionInfo *u = MHD_get_connection_info (conn,

+                                                                   MHD_CONNECTION_INFO_CLIENT_ADDRESS);

+      struct sockaddr *so = u ? u->client_addr : 0;

+      char hostname[256] = ""; // RFC1035

+      if (so && so->sa_family == AF_INET) {

+        (void) getnameinfo (so, sizeof (struct sockaddr_in), hostname, sizeof (hostname), NULL, 0,

+                            NI_NUMERICHOST);

+      } else if (so && so->sa_family == AF_INET6) {

+        struct sockaddr_in6* addr6 = (struct sockaddr_in6*) so;

+        if (IN6_IS_ADDR_V4MAPPED(&addr6->sin6_addr)) {

+          struct sockaddr_in addr4;

+          memset (&addr4, 0, sizeof(addr4));

+          addr4.sin_family = AF_INET;

+          addr4.sin_port = addr6->sin6_port;

+          memcpy (&addr4.sin_addr.s_addr, addr6->sin6_addr.s6_addr+12, sizeof(addr4.sin_addr.s_addr));

+          (void) getnameinfo ((struct sockaddr*) &addr4, sizeof (addr4),

+                              hostname, sizeof (hostname), NULL, 0,

+                              NI_NUMERICHOST);

+        } else {

+          (void) getnameinfo (so, sizeof (struct sockaddr_in6), hostname, sizeof (hostname), NULL, 0,

+                              NI_NUMERICHOST);

         }

-

-      if (artifacttype == "debuginfo")

-	fd = debuginfod_find_debuginfo (client,

-					(const unsigned char*) buildid.c_str(),

-					0, NULL);

-      else if (artifacttype == "executable")

-	fd = debuginfod_find_executable (client,

-					 (const unsigned char*) buildid.c_str(),

-					 0, NULL);

-      else if (artifacttype == "source")

-	fd = debuginfod_find_source (client,

-				     (const unsigned char*) buildid.c_str(),

-				     0, suffix.c_str(), NULL);

-      else if (artifacttype == "section")

-	fd = debuginfod_find_section (client,

-				      (const unsigned char*) buildid.c_str(),

-				      0, section.c_str(), NULL);

-

+      }

+          

+      string xff_complete = string("X-Forwarded-For: ")+xff+string(hostname);

+      debuginfod_add_http_header (client, xff_complete.c_str());

     }

-  else

-    fd = -errno; /* Set by debuginfod_begin.  */

-  debuginfod_pool_end (client);

-

+  

+  if (artifacttype == "debuginfo")

+    fd = debuginfod_find_debuginfo (client,

+                                    (const unsigned char*) buildid.c_str(),

+                                    0, NULL);

+  else if (artifacttype == "executable")

+    fd = debuginfod_find_executable (client,

+                                     (const unsigned char*) buildid.c_str(),

+                                     0, NULL);

+  else if (artifacttype == "source")

+    fd = debuginfod_find_source (client,

+                                 (const unsigned char*) buildid.c_str(),

+                                 0, suffix.c_str(), NULL);

+  else if (artifacttype == "section")

+    fd = debuginfod_find_section (client,

+                                  (const unsigned char*) buildid.c_str(),

+                                  0, section.c_str(), NULL);

+  

   if (fd >= 0)

     {

       if (conn != 0)