[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 019/113] rbd: Fix use after free in qemu_rbd_set_key
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 019/113] rbd: Fix use after free in qemu_rbd_set_keypairs() error path |
Date: |
Mon, 18 Jun 2018 20:41:45 -0500 |
From: Kevin Wolf <address@hidden>
If we want to include the invalid option name in the error message, we
can't free the string earlier than that.
Cc: address@hidden
Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Max Reitz <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
(cherry picked from commit 71c87815f9e0386b6f3e22942adc956fd603c82f)
Signed-off-by: Michael Roth <address@hidden>
---
block/rbd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/block/rbd.c b/block/rbd.c
index a76a5e8755..2de434dfdd 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -265,13 +265,14 @@ static int qemu_rbd_set_keypairs(rados_t cluster, const
char *keypairs_json,
key = qstring_get_str(name);
ret = rados_conf_set(cluster, key, qstring_get_str(value));
- QDECREF(name);
QDECREF(value);
if (ret < 0) {
error_setg_errno(errp, -ret, "invalid conf option %s", key);
+ QDECREF(name);
ret = -EINVAL;
break;
}
+ QDECREF(name);
}
QDECREF(keypairs);
--
2.11.0
- [Qemu-devel] [PATCH 113/113] arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked by GICR_IPRIORITYR, (continued)
- [Qemu-devel] [PATCH 113/113] arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked by GICR_IPRIORITYR, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 011/113] target/ppc: Clarify compat mode max_threads value, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 012/113] spapr: rename spapr_vcpu_id() to spapr_get_vcpu_id(), Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 013/113] spapr: consolidate the VCPU id numbering logic in a single place, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 014/113] spapr: fix missing CPU core nodes in DT when running with TCG, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 015/113] spapr: register dummy ICPs later, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 016/113] spapr: make pseries-2.11 the default machine type, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 017/113] nbd: Honor server's advertised minimum block size, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 018/113] specs/qcow2: Fix documentation of the compressed cluster descriptor, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 020/113] tpm: Set the flags of the CMD_INIT command to 0, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 019/113] rbd: Fix use after free in qemu_rbd_set_keypairs() error path,
Michael Roth <=
- [Qemu-devel] [PATCH 001/113] block/ssh: fix possible segmentation fault when .desc is not null-terminated, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 021/113] loader: don't perform overlapping address check for memory region ROM images, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 022/113] target/xtensa: dump correct physical registers, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 023/113] linux-user: fix mmap/munmap/mprotect/mremap/shmat, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 024/113] linux-user: fix assertion in shmdt, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 025/113] linux-user: fix target_mprotect/target_munmap error return values, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 028/113] memory: inline some performance-sensitive accessors, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 029/113] address_space_write: address_space_to_flatview needs RCU lock, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 026/113] sparc: fix leon3 casa instruction when MMU is disabled, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 027/113] openpic_kvm: drop address_space_to_flatview call, Michael Roth, 2018/06/18