[libvirt] [PATCH v2 0/2] Fix possible use-after-free when sending event message

John Ferlan jferlan at redhat.com
Sun Apr 23 12:49:12 UTC 2017


Ping?

Tks

John

On 04/12/2017 07:58 PM, John Ferlan wrote:
> 
> ping?
> 
> Tks, -
> 
> John
> 
> On 04/03/2017 10:12 AM, John Ferlan wrote:
>>
>>
>> On 03/27/2017 12:47 PM, John Ferlan wrote:
>>> v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html
>>>
>>> Change since v1, add the derefFcn as an argument to the renamed macro
>>> (not quite sure how I missed that originally.
>>>
>>> John Ferlan (2):
>>>   daemon: Rework remoteClientFreeFunc cleanup loops into C macro
>>>   remote: Fix possible use-after-free when sending event message
>>>
>>>  daemon/remote.c | 164 ++++++++++++++++++++------------------------------------
>>>  1 file changed, 58 insertions(+), 106 deletions(-)
>>>
>>
>>
>> Laine took a look at patch 1/2 - anyone want to look at 2/2 which he
>> didn't feel comfortable looking at?
>>
>> Essentially it follows similar logic to virObjectEventCallbackListAddID
>> when processing virObjectRef(conn), except this time the virObjectRef is
>> on virNetServerClientPtr client whenever the callback functions grab
>> it's address.  When the callback is free'd the reference is removed (in
>> remoteEventCallbackFree) so that virNetServerProcessClients doesn't
>> inadvertently free the client before the callback code is done with it
>> (sending an event message).
>>
>> Tks -
>>
>> John
>>
>> --
>> libvir-list mailing list
>> libvir-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/libvir-list
>>
> 
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
> 




More information about the libvir-list mailing list