mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-02-22 11:22:23 +00:00
stream: avoid use-after-free
virFDStreamClose used a mutex after it was freed, and failed to destroy that mutex on its last use. * src/fdstream.c (virFDStreamFree): Inline into sole caller... (virFDStreamClose): ...to avoid use-after-free and leak. Reported by Matthias Bolte.
This commit is contained in:
Eric Blake
parent
fbe3ab1a27
commit
34b999be42
@ -210,9 +210,20 @@ cleanup:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int virFDStreamFree(struct virFDStreamData *fdst)
|
||||
|
||||
static int
|
||||
virFDStreamClose(virStreamPtr st)
|
||||
{
|
||||
struct virFDStreamData *fdst = st->privateData;
|
||||
int ret;
|
||||
|
||||
VIR_DEBUG("st=%p", st);
|
||||
|
||||
if (!fdst)
|
||||
return 0;
|
||||
|
||||
virMutexLock(&fdst->lock);
|
||||
|
||||
ret = VIR_CLOSE(fdst->fd);
|
||||
if (fdst->cmd) {
|
||||
char buf[1024];
|
||||
@ -243,29 +254,12 @@ static int virFDStreamFree(struct virFDStreamData *fdst)
|
||||
}
|
||||
virCommandFree(fdst->cmd);
|
||||
}
|
||||
VIR_FREE(fdst);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virFDStreamClose(virStreamPtr st)
|
||||
{
|
||||
struct virFDStreamData *fdst = st->privateData;
|
||||
int ret;
|
||||
|
||||
VIR_DEBUG("st=%p", st);
|
||||
|
||||
if (!fdst)
|
||||
return 0;
|
||||
|
||||
virMutexLock(&fdst->lock);
|
||||
|
||||
ret = virFDStreamFree(fdst);
|
||||
|
||||
st->privateData = NULL;
|
||||
|
||||
virMutexUnlock(&fdst->lock);
|
||||
virMutexDestroy(&fdst->lock);
|
||||
VIR_FREE(fdst);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user