[libvirt] [PATCH] bridge: leases: Fix potential crash caused by use after free
Daniel P. Berrange
berrange at redhat.com
Tue Jun 24 12:23:16 UTC 2014
On Tue, Jun 24, 2014 at 01:54:42PM +0200, Peter Krempa wrote:
> Don't free individual JSON array members as the array will be freed at
> the end. This may potentially lead to a crash although it didn't crash
> on my setup.
> ---
> src/network/bridge_driver.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> index d5577e0..f3aff1c 100644
> --- a/src/network/bridge_driver.c
> +++ b/src/network/bridge_driver.c
> @@ -3437,10 +3437,8 @@ networkGetDHCPLeasesHelper(virNetworkObjPtr obj,
> goto error;
> }
>
> - if (mac && virMacAddrCompare(mac, mac_tmp)) {
> - virJSONValueFree(lease_tmp);
> + if (mac && virMacAddrCompare(mac, mac_tmp))
> continue;
> - }
>
> if (virJSONValueObjectGetNumberLong(lease_tmp, "expiry-time", &expirytime_tmp) < 0) {
> /* A lease cannot be present without expiry-time */
ACK
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list