On 03/27/2017 12:47 PM, John Ferlan wrote: > v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html > > Change since v1, add the derefFcn as an argument to the renamed macro > (not quite sure how I missed that originally. > > John Ferlan (2): > daemon: Rework remoteClientFreeFunc cleanup loops into C macro > remote: Fix possible use-after-free when sending event message > > daemon/remote.c | 164 ++++++++++++++++++++------------------------------------ > 1 file changed, 58 insertions(+), 106 deletions(-) > Laine took a look at patch 1/2 - anyone want to look at 2/2 which he didn't feel comfortable looking at? Essentially it follows similar logic to virObjectEventCallbackListAddID when processing virObjectRef(conn), except this time the virObjectRef is on virNetServerClientPtr client whenever the callback functions grab it's address. When the callback is free'd the reference is removed (in remoteEventCallbackFree) so that virNetServerProcessClients doesn't inadvertently free the client before the callback code is done with it (sending an event message). Tks - John -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
