From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 03/13] crypto: Forbid broken unloading of secrets
Date: Fri, 29 Jan 2021 17:10:52 +0000
Message-Id: <20210129171102.4109641-4-berrange@redhat.com>
In-Reply-To: <20210129171102.4109641-1-berrange@redhat.com>
References: <20210129171102.4109641-1-berrange@redhat.com>
Cc: Kevin Wolf, qemu-block@nongnu.org, libvir-list@redhat.com, Max Reitz, Gerd Hoffmann, Paolo Bonzini

From: Kevin Wolf

qcrypto_secret_prop_set_loaded() forgets to reset secret->rawdata after unloading a secret, which will lead to a double free at some point.

Because there is no use case for unloading an already loaded secret (apart from deleting the whole secret object) and we know that nobody could use this because it would lead to crashes, let's just forbid the operation instead of fixing the unloading.

Eventually, we'll want to get rid of 'loaded' in the external interface, but for the meantime this is more consistent with rng, which has a similar property 'opened' that also can't be reset to false after it became true.

Signed-off-by: Kevin Wolf
Signed-off-by: Daniel P. Berrangé
---
 crypto/secret_common.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/secret_common.c b/crypto/secret_common.c index 35b82cb531..714a15d5e5 100644 --- a/crypto/secret_common.c +++ b/crypto/secret_common.c @@ -191,9 +191,9 @@ qcrypto_secret_prop_set_loaded(Object *obj, =20 secret->rawdata =3D input; secret->rawlen =3D inputlen; - } else { - g_free(secret->rawdata); - secret->rawlen =3D 0; + } else if (secret->rawdata) { + error_setg(errp, "Cannot unload secret"); + return; } } =20 --=20 2.29.2
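Review bot: the new `else if (secret->rawdata)` branch makes 'loaded' a one-way property, but nothing in the code says so. A short comment above the branch, stating that a loaded secret is only released by deleting the object (the same rule the commit message cites for rng's 'opened'), would keep a later change from reintroducing `g_free(secret->rawdata)` without clearing the pointer. In the same branch, the `return;` after `error_setg(errp, "Cannot unload secret");` is the last statement before the function's closing brace in this hunk and can be dropped. The context lines also show the true branch assigning `secret->rawdata = input` unconditionally; it is worth confirming that setting 'loaded' to true a second time neither leaks the previous buffer nor replaces one that is still in use.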