[PULL 03/13] crypto: Forbid broken unloading of secrets
From: Daniel P . Berrangé
Subject: [PULL 03/13] crypto: Forbid broken unloading of secrets
Date: Fri, 29 Jan 2021 17:10:52 +0000
From: Kevin Wolf <kwolf@redhat.com>
qcrypto_secret_prop_set_loaded() forgets to reset secret->rawdata after
unloading a secret, which will lead to a double free at some point.

Because there is no use case for unloading an already loaded secret
(apart from deleting the whole secret object) and we know that nobody
could use this because it would lead to crashes, let's just forbid the
operation instead of fixing the unloading.

Eventually, we'll want to get rid of 'loaded' in the external interface,
but for the meantime this is more consistent with rng, which has a
similar property 'opened' that also can't be reset to false after it
became true.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/secret_common.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/secret_common.c b/crypto/secret_common.c
index 35b82cb531..714a15d5e5 100644
--- a/crypto/secret_common.c
+++ b/crypto/secret_common.c
@@ -191,9 +191,9 @@ qcrypto_secret_prop_set_loaded(Object *obj,
secret->rawdata = input;
secret->rawlen = inputlen;
- } else {
- g_free(secret->rawdata);
- secret->rawlen = 0;
+ } else if (secret->rawdata) {
+ error_setg(errp, "Cannot unload secret");
+ return;
}
}
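Review bot: In the context lines at the top of this hunk, `secret->rawdata = input;` overwrites the pointer, and nothing in the visible lines frees a buffer left by an earlier load. Since the new `else if (secret->rawdata)` branch keeps rawdata set for the life of the object, setting 'loaded' to true a second time would leak the previous buffer unless the code above the hunk already rejects or frees it; worth checking, and returning early when rawdata is already set if it does not. The "Cannot unload secret" message could also say that deleting the object is the way to drop the secret, and a test asserting that loaded=false on a loaded secret now fails would pin the new behaviour.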
--
2.29.2
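The double free described in the commit message, as an added model that is not part of the original mail and is not QEMU code. `Buf`, `buf_free`, `unload_old`, `unload_new`, `secret_finalize` and `run_lifecycle` are hypothetical names; the tracked buffer stands in for g_malloc/g_free so that a second free is counted rather than executed, and the finalizer freeing rawdata on object deletion is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Tracked buffer (constructed): a second free is counted, not executed. */
typedef struct { unsigned char data[32]; int freed; } Buf;
static int double_frees;

static void buf_free(Buf *b)
{
    if (!b) return;                          /* like g_free(NULL): no-op */
    if (b->freed) { double_frees++; return; }
    memset(b->data, 0, sizeof(b->data));     /* scrub key material on release */
    b->freed = 1;
}

typedef struct { Buf *rawdata; size_t rawlen; } Secret;

/* Pre-patch unload path: frees the buffer but keeps the stale pointer. */
static void unload_old(Secret *s)
{
    buf_free(s->rawdata);
    s->rawlen = 0;
}

/* Post-patch behaviour: unloading a loaded secret is refused with an error. */
static int unload_new(Secret *s, const char **err)
{
    if (s->rawdata) { *err = "Cannot unload secret"; return -1; }
    return 0;
}

/* Assumed finalizer: deleting the object releases rawdata. */
static void secret_finalize(Secret *s)
{
    buf_free(s->rawdata);
    s->rawdata = NULL;
    s->rawlen = 0;
}

/* Load, try to unload, then delete; returns the double frees observed. */
static int run_lifecycle(int patched)
{
    Buf slot = { "constructed-secret", 0 };  /* constructed sample data */
    Secret s = { &slot, 18 };
    const char *err = NULL;
    double_frees = 0;
    if (patched) unload_new(&s, &err); else unload_old(&s);
    secret_finalize(&s);
    return double_frees;
}

int main(void) { return run_lifecycle(1); }
```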