motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-12-11 16:00:50 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

acl: Fix use after free in qemu_acl_reset()

Browse source 
Reproducer:

    $ MALLOC_PERTURB_=234 qemu-system-x86_64 -vnc :0,acl,sasl [...]
    QEMU 0.15.50 monitor - type 'help' for more information
    (qemu) acl_add vnc.username fred allow
    acl: added rule at position 1
    (qemu) acl_reset vnc.username
    Segmentation fault (core dumped)

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This commit is contained in:
Markus Armbruster 2011-10-28 17:07:02 +02:00 committed by Stefan Hajnoczi
parent acf8394eae
commit 0ce6a43417
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
acl.c
View file

@ -95,13 +95,13 @@ int qemu_acl_party_is_allowed(qemu_acl *acl,
void qemu_acl_reset(qemu_acl *acl) void qemu_acl_reset(qemu_acl *acl)
{ {
qemu_acl_entry *entry; qemu_acl_entry *entry, *next_entry;
/* Put back to deny by default, so there is no window /* Put back to deny by default, so there is no window
* of "open access" while the user re-initializes the * of "open access" while the user re-initializes the
* access control list */ * access control list */
acl->defaultDeny = 1; acl->defaultDeny = 1;
QTAILQ_FOREACH(entry, &acl->entries, next) { QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
QTAILQ_REMOVE(&acl->entries, entry, next); QTAILQ_REMOVE(&acl->entries, entry, next);
free(entry->match); free(entry->match);
free(entry); free(entry);