On 7/21/21 11:27 AM, Peter Krempa wrote: > 'virStoragePoolObjListSearch' returns a locked and refed object, thus we > must release it on ACL permission failure. > > Fixes: 7aa0e8c0cb8 > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318 > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> > --- > Technically a security issue since it DoS-es the objects a user doesn't > have access to for users which do have access. > > Posting to standard devel list since the bugzilla above is public. > > src/storage/storage_driver.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> Michal
