[libvirt] [PATCH] bridge: leases: Fix potential crash caused by use after free
Peter Krempa
pkrempa at redhat.com
Tue Jun 24 13:20:52 UTC 2014
On 06/24/14 14:23, Daniel P. Berrange wrote:
> On Tue, Jun 24, 2014 at 01:54:42PM +0200, Peter Krempa wrote:
>> Don't free individual JSON array members as the array will be freed at
>> the end. This may potentially lead to a crash although it didn't crash
>> on my setup.
>> ---
>> src/network/bridge_driver.c | 4 +---
>> 1 file changed, 1 insertion(+), 3 deletions(-)
>>
>> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
>> index d5577e0..f3aff1c 100644
>> --- a/src/network/bridge_driver.c
>> +++ b/src/network/bridge_driver.c
>> @@ -3437,10 +3437,8 @@ networkGetDHCPLeasesHelper(virNetworkObjPtr obj,
>> goto error;
>> }
>>
>> - if (mac && virMacAddrCompare(mac, mac_tmp)) {
>> - virJSONValueFree(lease_tmp);
>> + if (mac && virMacAddrCompare(mac, mac_tmp))
>> continue;
>> - }
>>
>> if (virJSONValueObjectGetNumberLong(lease_tmp, "expiry-time", &expirytime_tmp) < 0) {
>> /* A lease cannot be present without expiry-time */
>
> ACK
Pushed; Thanks.
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140624/24f96bb3/attachment-0001.sig>
More information about the libvir-list
mailing list