mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
security: DAC: fix the transaction model's list append
The problem is in how the list item is created prior to appending it to the transaction list - the @path attribute is just a shallow copy instead of a deep copy of the hostdev device's path. Unfortunately, the hostdev devices from which the @path is extracted, in order to add them into the transaction list, are only temporary and are freed before the buildup of the qemu namespace, thus making the @path attribute in the transaction list NULL, causing 'permission denied' or 'double free' or 'unknown cause' errors. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1413773 Signed-off-by: Erik Skultety <eskultet@redhat.com>
parent
f66b185c46
commit
df7f42d5be
@ -71,7 +71,7 @@ struct _virSecurityDACCallbackData {
|
||||
typedef struct _virSecurityDACChownItem virSecurityDACChownItem;
|
||||
typedef virSecurityDACChownItem *virSecurityDACChownItemPtr;
|
||||
struct _virSecurityDACChownItem {
|
||||
const char *path;
|
||||
char *path;
|
||||
const virStorageSource *src;
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
@ -95,22 +95,31 @@ virSecurityDACChownListAppend(virSecurityDACChownListPtr list,
|
||||
uid_t uid,
|
||||
gid_t gid)
|
||||
{
|
||||
virSecurityDACChownItemPtr item;
|
||||
int ret = -1;
|
||||
char *tmp = NULL;
|
||||
virSecurityDACChownItemPtr item = NULL;
|
||||
|
||||
if (VIR_ALLOC(item) < 0)
|
||||
return -1;
|
||||
|
||||
item->path = path;
|
||||
if (VIR_STRDUP(tmp, path) < 0)
|
||||
goto cleanup;
|
||||
|
||||
item->path = tmp;
|
||||
item->src = src;
|
||||
item->uid = uid;
|
||||
item->gid = gid;
|
||||
|
||||
if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) {
|
||||
VIR_FREE(item);
|
||||
return -1;
|
||||
}
|
||||
if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0)
|
||||
goto cleanup;
|
||||
|
||||
return 0;
|
||||
tmp = NULL;
|
||||
|
||||
ret = 0;
|
||||
cleanup:
|
||||
VIR_FREE(tmp);
|
||||
VIR_FREE(item);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
@ -122,8 +131,10 @@ virSecurityDACChownListFree(void *opaque)
|
||||
if (!list)
|
||||
return;
|
||||
|
||||
for (i = 0; i < list->nItems; i++)
|
||||
for (i = 0; i < list->nItems; i++) {
|
||||
VIR_FREE(list->items[i]->path);
|
||||
VIR_FREE(list->items[i]);
|
||||
}
|
||||
VIR_FREE(list);
|
||||
}
|
||||
|
||||
|
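Review bot: In the last hunk, virSecurityDACChownListFree releases each item's `path`, each item and then `list`, but the visible lines never release the `list->items` array that VIR_APPEND_ELEMENT grows in virSecurityDACChownListAppend. Unless that array is freed somewhere outside this hunk, every transaction leaks it in a long-running daemon; adding `VIR_FREE(list->items);` just before `VIR_FREE(list);` would close that. The start of virSecurityDACChownListFree lies outside the hunk, so this is judged from the loop and the lines after it only. Since `path` changed from a borrowed `const char *` to an owned copy, a short comment on the struct field such as `/* owned copy, freed in virSecurityDACChownListFree */` would make the new ownership rule explicit for later callers.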