[libvirt] [PATCH v2 0/2] Fix possible use-after-free when sending event message

John Ferlan jferlan at redhat.com
Mon Apr 3 14:12:26 UTC 2017



On 03/27/2017 12:47 PM, John Ferlan wrote:
> v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html
> 
> Change since v1, add the derefFcn as an argument to the renamed macro
> (not quite sure how I missed that originally).
> 
> John Ferlan (2):
>   daemon: Rework remoteClientFreeFunc cleanup loops into C macro
>   remote: Fix possible use-after-free when sending event message
> 
>  daemon/remote.c | 164 ++++++++++++++++++++------------------------------------
>  1 file changed, 58 insertions(+), 106 deletions(-)
> 


Laine took a look at patch 1/2 - anyone want to look at 2/2 which he
didn't feel comfortable looking at?

Essentially it follows similar logic to virObjectEventCallbackListAddID
when processing virObjectRef(conn), except this time the virObjectRef is
on virNetServerClientPtr client whenever the callback functions grab
its address.  When the callback is freed the reference is removed (in
remoteEventCallbackFree) so that virNetServerProcessClients doesn't
inadvertently free the client before the callback code is done with it
(sending an event message).

Tks -

John
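
The reference-holding pattern described in the message above, as an added illustration that is not part of the original message and is not libvirt's code. `Client`, `EventCallback` and every function name are hypothetical stand-ins for the client object, the event callback and its free function.

```c
#include <stdlib.h>

/* Hypothetical stand-ins, not libvirt's types or functions. */
typedef struct { int refs; int *freed; } Client;
typedef struct { Client *client; } EventCallback;

static Client *client_new(int *freed) {
    Client *c = malloc(sizeof(*c));
    if (!c) return NULL;
    c->refs = 1;        /* reference owned by the server's client list */
    c->freed = freed;   /* lets the caller observe the real free */
    *freed = 0;
    return c;
}

static Client *client_ref(Client *c) { c->refs++; return c; }

static void client_unref(Client *c) {
    if (--c->refs == 0) { *c->freed = 1; free(c); }
}

/* Registration stores the client's address, so it takes a reference. */
static EventCallback *callback_register(Client *c) {
    EventCallback *cb = malloc(sizeof(*cb));
    if (!cb) return NULL;
    cb->client = client_ref(c);
    return cb;
}

/* The callback's free function is where that reference is dropped. */
static void callback_free(EventCallback *cb) {
    client_unref(cb->client);
    free(cb);
}

/* The server drops its reference while a callback is still registered.
 * Returns 1 if the client stayed valid until the callback was freed. */
static int demo_close_before_callback_free(void) {
    int freed;
    Client *c = client_new(&freed);
    if (!c) return 0;
    EventCallback *cb = callback_register(c);
    if (!cb) { client_unref(c); return 0; }
    client_unref(c);                /* server side: client is closed */
    int alive_for_event = !freed;   /* callback can still send an event */
    callback_free(cb);              /* last reference goes away here */
    return alive_for_event && freed;
}

int main(void) { return demo_close_before_callback_free() ? 0 : 1; }
```

Without the `client_ref` call in `callback_register`, the `client_unref` on the server side would free the object while `cb->client` still points at it.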
