mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
Fix possible invalid read in adminClientGetInfo
virNetServerClientGetInfo returns the client's remote address as a string, which is a part of the client object. Use VIR_STRDUP to make a copy which can be freely accessed even after the virNetServerClient object is unlocked. To reproduce, put a sleep between virObjectUnlock in virNetServerClientGetInfo and virTypedParamsAddString in adminClientGetInfo, then close the queried connection during that sleep.
This commit is contained in:
parent
ca5d51df27
commit
a3f565b339
@ -221,7 +221,7 @@ adminClientGetInfo(virNetServerClientPtr client,
|
||||
int ret = -1;
|
||||
int maxparams = 0;
|
||||
bool readonly;
|
||||
const char *sock_addr = NULL;
|
||||
char *sock_addr = NULL;
|
||||
const char *attr = NULL;
|
||||
virTypedParameterPtr tmpparams = NULL;
|
||||
virIdentityPtr identity = NULL;
|
||||
@ -300,6 +300,7 @@ adminClientGetInfo(virNetServerClientPtr client,
|
||||
|
||||
cleanup:
|
||||
virObjectUnref(identity);
|
||||
VIR_FREE(sock_addr);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -1606,20 +1606,24 @@ virNetServerClientGetTransport(virNetServerClientPtr client)
|
||||
|
||||
int
|
||||
virNetServerClientGetInfo(virNetServerClientPtr client,
|
||||
bool *readonly, const char **sock_addr,
|
||||
bool *readonly, char **sock_addr,
|
||||
virIdentityPtr *identity)
|
||||
{
|
||||
int ret = -1;
|
||||
const char *addr;
|
||||
|
||||
virObjectLock(client);
|
||||
*readonly = client->readonly;
|
||||
|
||||
if (!(*sock_addr = virNetServerClientRemoteAddrStringURI(client))) {
|
||||
if (!(addr = virNetServerClientRemoteAddrStringURI(client))) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
_("No network socket associated with client"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (VIR_STRDUP(*sock_addr, addr) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (!client->identity) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
_("No identity information available for client"));
|
||||
|
@ -149,7 +149,7 @@ bool virNetServerClientNeedAuth(virNetServerClientPtr client);
|
||||
|
||||
int virNetServerClientGetTransport(virNetServerClientPtr client);
|
||||
int virNetServerClientGetInfo(virNetServerClientPtr client,
|
||||
bool *readonly, const char **sock_addr,
|
||||
bool *readonly, char **sock_addr,
|
||||
virIdentityPtr *identity);
|
||||
|
||||
#endif /* __VIR_NET_SERVER_CLIENT_H__ */
|
||||
|
Loading…
Reference in New Issue
Block a user