From: Stefan Kober
To: devel@lists.libvirt.org
CC: Stefan Kober
Subject: [PATCH] util: fix use-after-free in virIdentityGetSystem
Date: Wed, 25 Feb 2026 12:43:38 +0100
Message-ID: <20260225114338.407135-1-stefan.kober@cyberus-technology.de>

We have a g_autoptr ret in the virIdentityGetSystem function.
In the happy path it is properly returned by doing:

return g_steal_pointer(&ret);

There are 2 early return paths, where we do the following:

"return ret;"

This leads to the g_autoptr being cleaned up after we leave the function, as we do not properly "steal" it.

When later using the return value we have a use-after-free, which has led to segfaults in our case.

We fix the early returns by doing the same as in the happy path.

On-behalf-of: SAP stefan.kober@sap.com
Signed-off-by: Stefan Kober
--- src/util/viridentity.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/util/viridentity.c b/src/util/viridentity.c index b7b88056ac..10935fba60 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -327,15 +327,19 @@ virIdentity *virIdentityGetSystem(void) virIdentitySetProcessTime(ret, startTime) < 0) return NULL; =20 - if (!(username =3D virGetUserName(geteuid()))) - return ret; + if (!(username =3D virGetUserName(geteuid()))) { + VIR_WARN("virGetUserName failed, returning partial identity"); + return g_steal_pointer(&ret); + } if (virIdentitySetUserName(ret, username) < 0) return NULL; if (virIdentitySetUNIXUserID(ret, getuid()) < 0) return NULL; =20 - if (!(groupname =3D virGetGroupName(getegid()))) - return ret; + if (!(groupname =3D virGetGroupName(getegid()))) { + VIR_WARN("virGetGroupName failed, returning partial identity"); + return g_steal_pointer(&ret); + } if (virIdentitySetGroupName(ret, groupname) < 0) return NULL; if (virIdentitySetUNIXGroupID(ret, getgid()) < 0) --=20 2.53.0
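
Review bot: The two VIR_WARN calls added in the virGetUserName and virGetGroupName early-return branches are a behaviour change that the commit message does not mention; it describes only replacing `return ret;` with `return g_steal_pointer(&ret);`. Either say in the message that a partial identity is now logged, or move the warnings to a separate patch so the use-after-free fix stays minimal. If the warnings stay, consider including the id that failed to resolve (the arguments are geteuid() and getegid()) so the log line can be acted on. The pointer change itself matches the happy path described in the message, and the `return NULL;` exits visible in this hunk need no change because they intend ret to be released by the g_autoptr cleanup.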
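
The lifetime bug described in the commit message, reduced to plain C as an added example (not libvirt or GLib code). It uses the GCC/Clang `cleanup` attribute that g_autoptr builds on; `identity`, `steal`, `get_system_buggy` and `get_system_fixed` are constructed stand-ins, and a live-object counter is checked instead of touching freed memory.

```c
#include <stdlib.h>

/* Constructed stand-in for virIdentity. */
typedef struct { int uid; } identity;

static int live_identities;   /* objects allocated and not yet freed */

static identity *identity_new(void) {
    identity *id = calloc(1, sizeof(*id));
    if (id)
        live_identities++;
    return id;
}

static void identity_free(identity *id) {
    if (id) {
        live_identities--;
        free(id);
    }
}

/* Runs when the annotated variable leaves scope, as with g_autoptr. */
static void identity_autofree(identity **p) { identity_free(*p); }
#define AUTO_IDENTITY __attribute__((cleanup(identity_autofree))) identity *

/* Same idea as g_steal_pointer: hand out the value, leave NULL behind. */
static identity *steal(identity **p) { identity *t = *p; *p = NULL; return t; }

/* Before the fix: the early return copies the pointer, then the scope
 * cleanup frees the object, so the caller receives a dangling pointer. */
static identity *get_system_buggy(int lookup_ok) {
    AUTO_IDENTITY ret = identity_new();
    if (!lookup_ok)
        return ret;
    return steal(&ret);
}

/* After the fix: every path that returns the object steals it first. */
static identity *get_system_fixed(int lookup_ok) {
    AUTO_IDENTITY ret = identity_new();
    if (!lookup_ok)
        return steal(&ret);
    return steal(&ret);
}

/* Number of live objects the caller holds after a failed name lookup. */
static int live_after_failed_lookup(identity *(*get)(int)) {
    live_identities = 0;
    identity *id = get(0);
    int live = live_identities;
    if (live)                 /* only release what is still allocated */
        identity_free(id);
    return live;
}
```

Building the buggy variant with `-fsanitize=address` and dereferencing its return value reports the same use-after-free that showed up as a segfault in the report.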