External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix possible invalid read in adminClientGetInfo

Browse Source 
virNetServerClientGetInfo returns the client's remote address
as a string, which is a part of the client object.

Use VIR_STRDUP to make a copy which can be freely accessed
even after the virNetServerClient object is unlocked.

To reproduce, put a sleep between virObjectUnlock in
virNetServerClientGetInfo and virTypedParamsAddString in
adminClientGetInfo, then close the queried connection during
that sleep.
This commit is contained in:
Ján Tomko 2016-06-29 07:03:13 +02:00
parent ca5d51df27
commit a3f565b339
3 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
daemon/admin_server.c
View File

@ -221,7 +221,7 @@ adminClientGetInfo(virNetServerClientPtr client,
int ret = -1;
int maxparams = 0;
bool readonly;
const char *sock_addr = NULL;
char *sock_addr = NULL;
const char *attr = NULL;
virTypedParameterPtr tmpparams = NULL;
virIdentityPtr identity = NULL;
@ -300,6 +300,7 @@ adminClientGetInfo(virNetServerClientPtr client,
cleanup:
virObjectUnref(identity);
VIR_FREE(sock_addr);
return ret;
}

8
src/rpc/virnetserverclient.c
View File

@ -1606,20 +1606,24 @@ virNetServerClientGetTransport(virNetServerClientPtr client)
int
virNetServerClientGetInfo(virNetServerClientPtr client,
bool *readonly, const char **sock_addr,
bool *readonly, char **sock_addr,
virIdentityPtr *identity)
{
int ret = -1;
const char *addr;
virObjectLock(client);
*readonly = client->readonly;
if (!(*sock_addr = virNetServerClientRemoteAddrStringURI(client))) {
if (!(addr = virNetServerClientRemoteAddrStringURI(client))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No network socket associated with client"));
goto cleanup;
}
if (VIR_STRDUP(*sock_addr, addr) < 0)
goto cleanup;
if (!client->identity) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No identity information available for client"));

2
src/rpc/virnetserverclient.h
View File

@ -149,7 +149,7 @@ bool virNetServerClientNeedAuth(virNetServerClientPtr client);
int virNetServerClientGetTransport(virNetServerClientPtr client);
int virNetServerClientGetInfo(virNetServerClientPtr client,
bool *readonly, const char **sock_addr,
bool *readonly, char **sock_addr,
virIdentityPtr *identity);
#endif /* __VIR_NET_SERVER_CLIENT_H__ */