External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-02 01:45:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

secret: Properly handle @def after virSecretObjAdd in driver

Browse Source 
Since the virSecretObjListAdd technically consumes @def on success,
the secretDefineXML should set @def = NULL immediately and process
the remaining calls using a new @objDef variable. We can use use
VIR_STEAL_PTR since we know the Add function just stores @def in
obj->def.

Because we steal @def into @objDef, if we jump to restore_backup:
and @backup is set, then we need to ensure the @def would be
free'd properly, so we'll steal it back from @objDef. For the other
condition this fixes a double free of @def if the code had jumped to
@backup == NULL thus calling virSecretObjListRemove without setting
@def = NULL. In this case, the subsequent call to DefFree would
succeed and free @def; however, the call to EndAPI would also
call DefFree because the Unref done would be the last one for
the @obj meaning the obj->def would be used to call DefFree,
but it's already been free'd because @def wasn't managed right
within this error path.

Signed-off-by: John Ferlan <jferlan@redhat.com>
This commit is contained in:
John Ferlan 2017-06-01 08:17:52 -04:00
parent 7ca17da9f2
commit e4c0aff215
1 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/secret/secret_driver.c
View File

@ -210,6 +210,7 @@ secretDefineXML(virConnectPtr conn,
{ {
virSecretPtr ret = NULL; virSecretPtr ret = NULL;
virSecretObjPtr obj = NULL; virSecretObjPtr obj = NULL;
virSecretDefPtr objDef;
virSecretDefPtr backup = NULL; virSecretDefPtr backup = NULL;
virSecretDefPtr def; virSecretDefPtr def;
virObjectEventPtr event = NULL; virObjectEventPtr event = NULL;
@ -225,8 +226,9 @@ secretDefineXML(virConnectPtr conn,
if (!(obj = virSecretObjListAdd(driver->secrets, def, if (!(obj = virSecretObjListAdd(driver->secrets, def,
driver->configDir, &backup))) driver->configDir, &backup)))
goto cleanup; goto cleanup;
VIR_STEAL_PTR(objDef, def);
if (!def->isephemeral) { if (!objDef->isephemeral) {
if (backup && backup->isephemeral) { if (backup && backup->isephemeral) {
if (virSecretObjSaveData(obj) < 0) if (virSecretObjSaveData(obj) < 0)
goto restore_backup; goto restore_backup;
@ -248,28 +250,27 @@ secretDefineXML(virConnectPtr conn,
/* Saved successfully - drop old values */ /* Saved successfully - drop old values */
virSecretDefFree(backup); virSecretDefFree(backup);
event = virSecretEventLifecycleNew(def->uuid, event = virSecretEventLifecycleNew(objDef->uuid,
def->usage_type, objDef->usage_type,
def->usage_id, objDef->usage_id,
VIR_SECRET_EVENT_DEFINED, VIR_SECRET_EVENT_DEFINED,
0); 0);
ret = virGetSecret(conn, ret = virGetSecret(conn,
def->uuid, objDef->uuid,
def->usage_type, objDef->usage_type,
def->usage_id); objDef->usage_id);
def = NULL;
goto cleanup; goto cleanup;
restore_backup: restore_backup:
/* If we have a backup, then secret was defined before, so just restore /* If we have a backup, then secret was defined before, so just restore
* the backup. The current def will be handled below. * the backup; otherwise, this is a new secret, thus remove it. */
* Otherwise, this is a new secret, thus remove it. if (backup) {
*/
if (backup)
virSecretObjSetDef(obj, backup); virSecretObjSetDef(obj, backup);
else VIR_STEAL_PTR(def, objDef);
} else {
virSecretObjListRemove(driver->secrets, obj); virSecretObjListRemove(driver->secrets, obj);
}
cleanup: cleanup:
virSecretDefFree(def); virSecretDefFree(def);