mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-08 22:15:21 +00:00
storage: Fix returning of locked objects from 'virStoragePoolObjListSearch'
CVE-2023-3750 'virStoragePoolObjListSearch' explicitly documents that it's returning a pointer to a locked and ref'd pool that maches the lookup function. This was not the case as in commit0c4b391e2a
(released in libvirt-8.3.0) the code was accidentally converted to use 'VIR_LOCK_GUARD' which auto-unlocked it when leaving the scope, even when the code was originally "leaking" the lock. Revert the corresponding conversion and add a comment that this function is intentionally leaking a locked object. Fixes:0c4b391e2a
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2221851 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
a7f7bfa347
commit
9a47442366
@ -454,11 +454,16 @@ virStoragePoolObjListSearchCb(const void *payload,
|
||||
virStoragePoolObj *obj = (virStoragePoolObj *) payload;
|
||||
struct _virStoragePoolObjListSearchData *data =
|
||||
(struct _virStoragePoolObjListSearchData *)opaque;
|
||||
VIR_LOCK_GUARD lock = virObjectLockGuard(obj);
|
||||
|
||||
virObjectLock(obj);
|
||||
|
||||
/* If we find the matching pool object we must return while the object is
|
||||
* locked as the caller wants to return a locked object. */
|
||||
if (data->searcher(obj, data->opaque))
|
||||
return 1;
|
||||
|
||||
virObjectUnlock(obj);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user