On 1/22/21 2:08 PM, Daniel P. Berrangé wrote:
The qemuDomainObjFromDomain() API must be paired with
the virDomainObjEndAPI API. The qemuDomainAuthorizedSSHKeysGet
method simply did 'return -1' leaking a reference in two paths.
The qemuDomainAuthorizedSSHKeysSet method marked the object
as an autoptr while also have some code paths that will call
virDomainObjEndAPI, resulting in attempted double free.
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
Reviewed-by: Daniel Henrique Barboza <danielhb413@xxxxxxxxx>
src/qemu/qemu_driver.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 027617deef..05e021cce4 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -20254,10 +20254,10 @@ qemuDomainAuthorizedSSHKeysGet(virDomainPtr dom,
return -1;
if (virDomainAuthorizedSshKeysGetEnsureACL(dom->conn, vm->def) < 0)
- return -1;
+ goto cleanup;
if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_QUERY) < 0)
- return -1;
+ goto cleanup;
if (!qemuDomainAgentAvailable(vm, true))
goto endagentjob;
@@ -20268,6 +20268,7 @@ qemuDomainAuthorizedSSHKeysGet(virDomainPtr dom,
endagentjob:
qemuDomainObjEndAgentJob(vm);
+ cleanup:
virDomainObjEndAPI(&vm);
return rv;
}
@@ -20281,7 +20282,7 @@ qemuDomainAuthorizedSSHKeysSet(virDomainPtr dom,
unsigned int flags)
{
virQEMUDriverPtr driver = dom->conn->privateData;
- g_autoptr(virDomainObj) vm = NULL;
+ virDomainObjPtr vm = NULL;
qemuAgentPtr agent;
const bool append = flags & VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND;
const bool remove = flags & VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE;
@@ -20294,10 +20295,10 @@ qemuDomainAuthorizedSSHKeysSet(virDomainPtr dom,
return -1;
if (virDomainAuthorizedSshKeysSetEnsureACL(dom->conn, vm->def) < 0)
- return -1;
+ goto cleanup;
if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_QUERY) < 0)
- return -1;
+ goto cleanup;
if (!qemuDomainAgentAvailable(vm, true))
goto endagentjob;
@@ -20311,6 +20312,7 @@ qemuDomainAuthorizedSSHKeysSet(virDomainPtr dom,
endagentjob:
qemuDomainObjEndAgentJob(vm);
+ cleanup:
virDomainObjEndAPI(&vm);
return rv;
}