[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH stable-0.15 11/36] acl: Fix use after free in qemu_a
From: |
Andreas Färber |
Subject: |
[Qemu-devel] [PATCH stable-0.15 11/36] acl: Fix use after free in qemu_acl_reset() |
Date: |
Wed, 28 Mar 2012 14:52:14 +0200 |
From: Markus Armbruster <address@hidden>
Reproducer:
$ MALLOC_PERTURB_=234 qemu-system-x86_64 -vnc :0,acl,sasl [...]
QEMU 0.15.50 monitor - type 'help' for more information
(qemu) acl_add vnc.username fred allow
acl: added rule at position 1
(qemu) acl_reset vnc.username
Segmentation fault (core dumped)
Spotted by Coverity.
Signed-off-by: Markus Armbruster <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit 0ce6a434176e274a7e86bcaa268542c5cc402696)
Signed-off-by: Bruce Rogers <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
---
acl.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/acl.c b/acl.c
index 82c2704..cae059f 100644
--- a/acl.c
+++ b/acl.c
@@ -95,13 +95,13 @@ int qemu_acl_party_is_allowed(qemu_acl *acl,
void qemu_acl_reset(qemu_acl *acl)
{
- qemu_acl_entry *entry;
+ qemu_acl_entry *entry, *next_entry;
/* Put back to deny by default, so there is no window
* of "open access" while the user re-initializes the
* access control list */
acl->defaultDeny = 1;
- QTAILQ_FOREACH(entry, &acl->entries, next) {
+ QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
QTAILQ_REMOVE(&acl->entries, entry, next);
free(entry->match);
free(entry);
--
1.7.7
- [Qemu-devel] [PATCH stable-0.15 00/36] Preparing 0.15.2, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 01/36] ccid: Fix buffer overrun in handling of VSC_ATR message, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 13/36] Fix X86 CPU topology in KVM mode, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 07/36] kvm: avoid reentring kvm_flush_coalesced_mmio_buffer(), Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 10/36] ide: Fix off-by-one error in array index check, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 11/36] acl: Fix use after free in qemu_acl_reset(),
Andreas Färber <=
- [Qemu-devel] [PATCH stable-0.15 09/36] block: Fix bdrv_open use after free, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 35/36] Add missing trace call to oslib-posix.c:qemu_vmalloc(), Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 03/36] e1000: use MII status register for link up/down, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 02/36] qdev: Reset hot-plugged devices, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 04/36] e1000: Don't set the Capabilities List bit, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 16/36] vvfat: Fix potential buffer overflow, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 25/36] block: Fix vpc initialization of the Dynamic Disk Header, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 15/36] ac97: don't override the pci subsystem id, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 08/36] vmdk: vmdk_read_cid returns garbage if p_name is NULL, Andreas Färber, 2012/03/28
- [Qemu-devel] [PATCH stable-0.15 14/36] hw/lan9118.c: Add missing 'break' to fix buffer overrun, Andreas Färber, 2012/03/28