mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-24 21:45:21 +00:00
security_manager.c: Append seclabel iff generated
With my previous patches, we unconditionally appended a seclabel, even if it wasn't generated but found in array of defined seclabels. This resulted in double free later when doing virDomainDefFree and iterating over the array of defined seclabels. Moreover, there was another possibility of double free, if the seclabel was generated in the last iteration of the process of walking trough security managers array.
This commit is contained in:
parent
0e9df6bd10
commit
a1c68a1fcb
@ -463,6 +463,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
|
|||||||
} else if (vm->nseclabels && generated) {
|
} else if (vm->nseclabels && generated) {
|
||||||
VIR_DEBUG("Skipping auto generated seclabel of type none");
|
VIR_DEBUG("Skipping auto generated seclabel of type none");
|
||||||
virSecurityLabelDefFree(seclabel);
|
virSecurityLabelDefFree(seclabel);
|
||||||
|
seclabel = NULL;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -472,8 +473,8 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
|
|||||||
} else {
|
} else {
|
||||||
/* The seclabel must be added to @vm prior calling domainGenSecurityLabel
|
/* The seclabel must be added to @vm prior calling domainGenSecurityLabel
|
||||||
* which may require seclabel to be presented already */
|
* which may require seclabel to be presented already */
|
||||||
|
if (generated &&
|
||||||
if (VIR_APPEND_ELEMENT(vm->seclabels, vm->nseclabels, seclabel) < 0) {
|
VIR_APPEND_ELEMENT(vm->seclabels, vm->nseclabels, seclabel) < 0) {
|
||||||
virReportOOMError();
|
virReportOOMError();
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
@ -484,6 +485,8 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
|
|||||||
vm->nseclabels--;
|
vm->nseclabels--;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
seclabel = NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user