motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-06 09:13:55 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

slirp: avoid use-after-free in slirp_pollfds_poll() if soread() returns an error

Browse source 
Samuel Thibault pointed out that it's possible that slirp_pollfds_poll()
will try to use a socket even after soread() returns an error, resulting
in an use-after-free if the socket was removed while handling the error.
Avoid this by refusing to continue to work with the socket in this case.

Signed-off-by: Steven Luo <steven+qemu@steven676.net>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
This commit is contained in:
Steven Luo 2016-04-06 22:04:32 -07:00 committed by Samuel Thibault
parent b5ab677189
commit bfb1ac1402
3 changed files with 23 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
slirp/socket.h
View file

@ -127,7 +127,7 @@ struct socket *solookup(struct socket **, struct socket *,
struct socket *socreate(Slirp *);
void sofree(struct socket *);
int soread(struct socket *);
void sorecvoob(struct socket *);
int sorecvoob(struct socket *);
int sosendoob(struct socket *);
int sowrite(struct socket *);
void sorecvfrom(struct socket *);