Merge tag 'pull-nbd-2024-08-26' of https://repo.or.cz/qemu/ericb into staging

NBD patches for 2024-08-26 - One more patch for CVE-2024-7409 (use-after-free on nbd-server-stop) # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmbMh9MACgkQp6FrSiUn # Q2ovfAf/TyHYtJUwSAQ3dgn4PlTym4FqN8CXa+EJQR9xSLJ5jAX3QgLBieUiIT31 # AFr9W6eqWNz4NksbeoHdwZVqUlkGJFsfiyTOK93k4/fYQdTbqSHPwo2FYlOXqdJB # bZN10zEvd7YRMrxTjGyPxNFCm2iIMZy8uEerOrY9hV1PVULHg6u3Pu8a6El4BK8k # k5S0SwluTkUkBLbqtEC6fHjdfFFr/dC8IB11Ly8FdxKHixIaUTVsZ20guNM0Q5Ca # kU2em2PcroDq3B0x3linD3xh3pVmlHdb4H+9runmGPnpJj5wjPL35aDzlU7GCT3B # kEGX5VzOJOJUXoHVyYrvJCD4I7YgMw== # =ZDYx # -----END PGP SIGNATURE----- # gpg: Signature made Mon 26 Aug 2024 11:49:07 PM AEST # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] * tag 'pull-nbd-2024-08-26' of https://repo.or.cz/qemu/ericb: nbd/server: CVE-2024-7409: Avoid use-after-free when closing server Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
author: Richard Henderson <richard.henderson@linaro.org> 2024-08-27 07:06:42 +1000
committer: Richard Henderson <richard.henderson@linaro.org> 2024-08-27 07:06:42 +1000
commit: afaee42f777bc359db95f692804f7fc7e12c0c02 (patch)
tree: 152e3f50f9a97f908dbcff420127956fcc3edc1e
parent: 594ff839486fca7d588e2a11e70515193ce3a9f0 (diff)
parent: 3874f5f73c441c52f1c699c848d463b0eda01e4c (diff)
download: qemu-afaee42f777bc359db95f692804f7fc7e12c0c02.zip
qemu-afaee42f777bc359db95f692804f7fc7e12c0c02.tar.gz
qemu-afaee42f777bc359db95f692804f7fc7e12c0c02.tar.bz2
1 files changed, 8 insertions, 4 deletions
diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index f73409a..b36f41b 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -92,10 +92,13 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
 
 static void nbd_update_server_watch(NBDServerData *s)
 {
-    if (!s->max_connections || s->connections < s->max_connections) {
-        qio_net_listener_set_client_func(s->listener, nbd_accept, NULL, NULL);
-    } else {
-        qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
+    if (s->listener) {
+        if (!s->max_connections || s->connections < s->max_connections) {
+            qio_net_listener_set_client_func(s->listener, nbd_accept, NULL,
+                                             NULL);
+        } else {
+            qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
+        }
     }
 }
 
@@ -113,6 +116,7 @@ static void nbd_server_free(NBDServerData *server)
      */
     qio_net_listener_disconnect(server->listener);
     object_unref(OBJECT(server->listener));
+    server->listener = NULL;
     QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) {
         qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH,
                              NULL);
author	Richard Henderson <richard.henderson@linaro.org>	2024-08-27 07:06:42 +1000
committer	Richard Henderson <richard.henderson@linaro.org>	2024-08-27 07:06:42 +1000
commit	afaee42f777bc359db95f692804f7fc7e12c0c02 (patch)
tree	152e3f50f9a97f908dbcff420127956fcc3edc1e
parent	594ff839486fca7d588e2a11e70515193ce3a9f0 (diff)
parent	3874f5f73c441c52f1c699c848d463b0eda01e4c (diff)
download	qemu-afaee42f777bc359db95f692804f7fc7e12c0c02.zip qemu-afaee42f777bc359db95f692804f7fc7e12c0c02.tar.gz qemu-afaee42f777bc359db95f692804f7fc7e12c0c02.tar.bz2