author | Markus Armbruster <armbru@redhat.com> | 2011-10-28 17:07:02 +0200 |
---|---|---|
committer | Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> | 2011-11-01 06:23:48 +0000 |
commit | 0ce6a434176e274a7e86bcaa268542c5cc402696 (patch) | |
tree | 14f99dcc0e0e9f925d79842aec7f1cf1c70f1d25 /acl.c | |
parent | acf8394eaed69f23d39b0ebbb20477aef1afcbb2 (diff) | |

acl: Fix use after free in qemu_acl_reset()

Reproducer:

    $ MALLOC_PERTURB_=234 qemu-system-x86_64 -vnc :0,acl,sasl [...]
    QEMU 0.15.50 monitor - type 'help' for more information
    (qemu) acl_add vnc.username fred allow
    acl: added rule at position 1
    (qemu) acl_reset vnc.username
    Segmentation fault (core dumped)

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Diffstat (limited to 'acl.c')
-rw-r--r-- | acl.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -95,13 +95,13 @@ int qemu_acl_party_is_allowed(qemu_acl *acl, void qemu_acl_reset(qemu_acl *acl) { - qemu_acl_entry *entry; + qemu_acl_entry *entry, *next_entry; /* Put back to deny by default, so there is no window * of "open access" while the user re-initializes the * access control list */ acl->defaultDeny = 1; - QTAILQ_FOREACH(entry, &acl->entries, next) { + QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) { QTAILQ_REMOVE(&acl->entries, entry, next); free(entry->match); free(entry); |
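
Review bot: The commit message gives the reproducer but never states the root cause, and the loop in qemu_acl_reset() carries no comment explaining why the _SAFE iterator is required. The body still runs QTAILQ_REMOVE(), free(entry->match) and free(entry), so the old QTAILQ_FOREACH advanced through the link field of an entry that had just been freed. That is why the fault only shows up reliably with MALLOC_PERTURB_ set. Consider adding one sentence to that effect in the message, or a short comment above the QTAILQ_FOREACH_SAFE line, so a later cleanup does not switch it back to the plain iterator. It is also worth confirming that next_entry is used only as the iterator's scratch variable and is never read after the loop, and checking any other loop in acl.c that removes entries while iterating for the same pattern.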