Re: [PATCH v2 0/2] Fix possible use-after-free when sending event message

On 03/27/2017 12:47 PM, John Ferlan wrote:
> v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html
> 
> Change since v1, add the derefFcn as an argument to the renamed macro
> (not quite sure how I missed that originally).
> 
> John Ferlan (2):
>   daemon: Rework remoteClientFreeFunc cleanup loops into C macro
>   remote: Fix possible use-after-free when sending event message
> 
>  daemon/remote.c | 164 ++++++++++++++++++++------------------------------------
>  1 file changed, 58 insertions(+), 106 deletions(-)
> 


Laine took a look at patch 1/2 - anyone want to look at 2/2 which he
didn't feel comfortable looking at?

Essentially it follows similar logic to virObjectEventCallbackListAddID
when processing virObjectRef(conn), except this time the virObjectRef is
on virNetServerClientPtr client whenever the callback functions grab
its address.  When the callback is free'd the reference is removed (in
remoteEventCallbackFree) so that virNetServerProcessClients doesn't
inadvertently free the client before the callback code is done with it
(sending an event message).

Tks -

John

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
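
The lifetime rule described in the message above, as an added example that is not libvirt code and not part of the patch series: a callback that stores a client's address takes its own reference, and only the callback's free function drops it. All type and function names here are hypothetical stand-ins for the objects the message names.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins (not libvirt types): a refcounted client and an
 * event callback that stores the client's address. */
typedef struct { int refs; int sent; } client_t;
typedef struct { client_t *client; } event_cb_t;

static int clients_freed;  /* counts real frees so the lifetime is observable */

static client_t *client_new(void) {
    client_t *c = calloc(1, sizeof(*c));
    if (c) c->refs = 1;                /* the server's own reference */
    return c;
}
static client_t *client_ref(client_t *c) { c->refs++; return c; }
static void client_unref(client_t *c) {
    if (--c->refs == 0) { clients_freed++; free(c); }
}
/* Registration: the callback keeps the pointer, so it takes its own ref. */
static event_cb_t *event_cb_register(client_t *c) {
    event_cb_t *cb = malloc(sizeof(*cb));
    if (cb) cb->client = client_ref(c);
    return cb;
}
/* Callback free function: the only place the callback's ref is dropped. */
static void event_cb_free(event_cb_t *cb) {
    client_unref(cb->client);
    free(cb);
}
/* Event delivery dereferences the stored client pointer. */
static void event_cb_send(event_cb_t *cb) { cb->client->sent++; }

/* The server drops its client while an event is still pending. Returns how
 * many clients had been freed before the send (0 = pointer still valid). */
int demo_send_after_server_unref(void) {
    clients_freed = 0;
    client_t *c = client_new();
    if (!c) return -1;
    event_cb_t *cb = event_cb_register(c);
    if (!cb) { client_unref(c); return -1; }
    client_unref(c);                   /* server-side cleanup of the client */
    int freed_before_send = clients_freed;
    event_cb_send(cb);                 /* safe: the callback's ref keeps c alive */
    event_cb_free(cb);                 /* last ref dropped, client freed here */
    return freed_before_send;
}
int main(void) {
    printf("freed before send: %d\n", demo_send_after_server_unref());
    printf("freed after callback free: %d\n", clients_freed);
    return 0;
}
```

Without the `client_ref` call in the registration function, the server-side `client_unref` would free the client and the later send would dereference freed memory.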


