From nobody Tue Mar  3 03:12:38 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	arc=pass (i=1 dmarc=pass fromdomain=cyberus-technology.de);
	dmarc=pass(p=none dis=none)  header.from=cyberus-technology.de
ARC-Seal: i=2; a=rsa-sha256; t=1772023868; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=KuLD1MkOAL58ba+uP1V6acnPVbsomU1HFMTfXWNfw1q/idebGIKM9jBsOiJKavWLAhac7WReP7d19ZQ1EaIrs28GoVeBYnA0TAcmQ44/quPddEpiDVUfif5qe+wRnmioazaFebjUtT+5EmczNPsDfWx03J/ujrEGxdlMynLu2us=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772023868;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=D7Pdd5fWHfzcR5ETeXYZPK5/zwfzS6Vc5qF341qaG6I=;
	b=InTKBKyCMVB3YAaCpcCNHglK/hubVyvlHWsxchwFiEmvrLF9M3TmJt2pOUjP0WCojH7BdtrsID8XPCoVSzNF97iQaSGpgZ+dEt7tfW0t0N08xudDax9eXvVa+QGnZ7XaRjHFG4pi9rBJ4dFxBNlc7bgda+XevdaZvKvmWaSV38o=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	arc=pass (i=1 dmarc=pass fromdomain=cyberus-technology.de);
	dmarc=pass header.from=<stefan.kober@cyberus-technology.de> (p=none dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1772023868269349.20990837632326;
 Wed, 25 Feb 2026 04:51:08 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id 453EA41E0B; Wed, 25 Feb 2026 07:51:07 -0500 (EST)
Received: from [172.19.199.9] (lists.libvirt.org [8.43.85.245])
	by lists.libvirt.org (Postfix) with ESMTP id 82C1241E41;
	Wed, 25 Feb 2026 07:50:30 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id CF70441BA0; Wed, 25 Feb 2026 07:50:26 -0500 (EST)
Received: from BEUP281CU002.outbound.protection.outlook.com
 (mail-germanynorthazon11020102.outbound.protection.outlook.com
 [52.101.169.102])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (prime256v1) server-signature RSA-PSS (3072 bits)
 server-digest SHA256)
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id BA76841B9F
	for <devel@lists.libvirt.org>; Wed, 25 Feb 2026 07:50:25 -0500 (EST)
Received: from BEZP281MB1973.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:46::5) by
 FR2P281MB0073.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:10::10) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.9632.23; Wed, 25 Feb 2026 12:50:22 +0000
Received: from BEZP281MB1973.DEUP281.PROD.OUTLOOK.COM
 ([fe80::22e6:cd85:829e:3dae]) by BEZP281MB1973.DEUP281.PROD.OUTLOOK.COM
 ([fe80::22e6:cd85:829e:3dae%7]) with mapi id 15.20.9632.017; Wed, 25 Feb 2026
 12:50:22 +0000
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No,
 score=-2.7 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=OApRcuBvcoMzrqC16Htq1m/f9LbuYCb8FK4fGti1Rg/PEZYDi6SnskyVaXePOCfUt/DWmkFFmkvQFQlroamPOEDhz6lgRTNfa+yLVgfmxNdOShQZoUUo4t5IQ10eiivhTrE6aCfF433tqB29bpaKN3fqLZM/Z1nHM1KpUsi4uTivfh93GDJEBDvoBZPmkmmNs3cKC16Ts2fXLeKjyDVfu/yRCNI2rRLEAG+kpfLkbzHadavVfR2ULgLVQ0pr5oM/wuiwheXJjTFTUKjZF9PQsowZ6HG+4RuP+HNpQdyMCP1Zut5OVpNv7mHRd49oML5wBQ3rKKzW91vJLpmfLuVqDQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=D7Pdd5fWHfzcR5ETeXYZPK5/zwfzS6Vc5qF341qaG6I=;
 b=uO6+U9GDz+UV+tytwsuyDj76wNm9T1HpRBJyZElS3fJs5KaZBGTQLmlhqvVp49SYgqBktimWR3k9eux2KGK7r9sKC4/KbQkWOtyPQCgAXRxfXrOJZHnL0FzRqL8F6cn8cA+qH2CGW2GiMueXG9NlWrDPQNWxWFWCqkMnSfeE15lq8Ao/TIb1FWzkU7jDEP9dcrvC/TOd+8dxNE8qj8+9/s8CK/f+pR3h/QS4sKTppyFz3h93Z4STOMNUUSuP4nCkJKDiauTVDelMIs3lpM4MhhAee10PEunrTGRKns/RfGL7X9C7kyjZMliCPInsL5EkPVegZrkE//AtIHBtNH6W+w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=cyberus-technology.de; dmarc=pass action=none
 header.from=cyberus-technology.de; dkim=pass header.d=cyberus-technology.de;
 arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyberus-technology.de;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=D7Pdd5fWHfzcR5ETeXYZPK5/zwfzS6Vc5qF341qaG6I=;
 b=wk196IRS0wSAMxEk19Zk7WdV9pxJdSMbrML/GuK92KHVH1dnAXKzhMcGi/w+q9mN5cBSVttNlQeReJvppjt7KLwEBTH0uo3r7UjSWysPMgs91OoZq83c53liqGxjxswjJ+gjAyc9f2eFYECxK5Pt5Yt0uz5/lTmfq07hmmXMWSv4mb757EQurK8FPZBZYKaYc3I8p1AljBRbRw813VWvqLOODVjdYoKCOIlr8WtEsQ8mCvjtElPberBSeMdeSADB/f79Ug92mXiJSyALZ124/0JDtxB4+48WraCX3ujCU2slwCq+K+BZ3xLzGhurofrgUtgfDl8nzkvx2My4i5Z1iw==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=cyberus-technology.de;
From: Stefan Kober <stefan.kober@cyberus-technology.de>
To: devel@lists.libvirt.org
Subject: [PATCH v2] util: fix use-after-free in virIdentityGetSystem
Date: Wed, 25 Feb 2026 13:50:16 +0100
Message-ID: <20260225125016.414738-1-stefan.kober@cyberus-technology.de>
X-Mailer: git-send-email 2.53.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: FR3P281CA0034.DEUP281.PROD.OUTLOOK.COM
 (2603:10a6:d10:1c::20) To BEZP281MB1973.DEUP281.PROD.OUTLOOK.COM
 (2603:10a6:b10:46::5)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BEZP281MB1973:EE_|FR2P281MB0073:EE_
X-MS-Office365-Filtering-Correlation-Id: f3884eb4-4a19-4292-9088-08de746c703b
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|10070799003;
X-Microsoft-Antispam-Message-Info: 
 hZzTTzuKhGl7fAUMhCQtb+Gv2C53IubhrhTkbxKtjawXh4v/weZx31gyOgLzAem1Dv1RjCugmPbF6KpkRofPabs5gyduEzHUYLesblpCRgvKuIpW+D8iOo48pj4ZzCE+nlHDUuPh7ZZ5dKmc8KNdSPMEb8aWDHe6HbCZsiF+9mphogfjDB6BrkI97N0RKBqj8gobKDNPd+5BDdMqM5IUkfgpribQfV5CwXZExp4ci8l8OXgyEkkKQ6yD9spN7Vgdb53qydv5frwLbIs7zNG84dSYVGcM9hGmto5q9ggx2IYkzGDUjRy0Y0LX3e4IJg58u45fvRiA/RBA/JXvqUf2kTMxxmKLFPWwc1DlUU5cXXF+I+m0see8zP7jFuztBGJEhod/UEolzwfbOHzCZ7/kaykVzGcyD7ugnhhmbnv1YI94ELAhG0iv9ddRkpTnN/MSkjnwg/evm7IoJj277PDFfsCJ0cb9y7p2OhTrQ4j1cD3URBLF7jicsqhl9MSj5O0jCN/2DTVVD6pnXF9hiuD0Y7BXRdRzS5BDfKFJt4/s0r6GOdhedPRPRKxVoB150pjqeTWCh/O6WHXhqN6J/o4yso8/hBsgpjd1ZNSfI1Tf5THbx4whxizi/3Y23+ePEO1hF5dCsrixSmJM+ko6uQNhh9rTey+uLQvgyZYguSmf1PXHkK+15g7OFoQa4fqc45+bNW74t6MtTsBX9AYshlHYFGv9mOw/muGLY3Da+/NuIdc=
X-Forefront-Antispam-Report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB1973.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(10070799003);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2
X-MS-Exchange-AntiSpam-MessageData-0: 
 =?us-ascii?Q?W++5Kw4y3B7UOrGX21kHhn4Uqzf6G3xEw85UX1dbL+pslT30kz0Ln9XRnfzw?=
 =?us-ascii?Q?jEqZMxQVF4+nsAAKFarYpmtZEYkmamN90XQ+YB0gZlIMfGXmn1kSh/YimdbB?=
 =?us-ascii?Q?B2EjIK39d+darF3MuSiIcmdeyQN4Jx2XNp+S0xMxEOkctPOWOQPavKre7y5l?=
 =?us-ascii?Q?CEIZRcxvHKNeEbv52ltlXQ0jPR2Wp2bJl421d9aRx8b1jjjckU2stzfjPl8c?=
 =?us-ascii?Q?Mfc558zGAH6tLp/zLCHURTHYawx91WBQMJ9QEW1d++t808Y5+lHhIxU2jw0e?=
 =?us-ascii?Q?r8qLNY4h/ckOe8QWBUHprMLP7ISgqq+75JwbsWwO2L92YzGfkxsFkC1R1RbM?=
 =?us-ascii?Q?LF3D7jhoVlHd3MY+bYyltuw/1rGZYw8RLtq2WWStxXauMnnchnZyXOPrO23l?=
 =?us-ascii?Q?8f9YHIjIQZOGoNrrwTlRfecfYqIfn0SNWUsSyPZW9bn/cT0cyhtRlhUSn33O?=
 =?us-ascii?Q?4e8/xoW5Xlx3YhWYyytPpvB9jdjbSa8UFDU6feT2a/wrJ3Z7gjz3WBsG0nP5?=
 =?us-ascii?Q?C+HedaCqbtInel/oS28UyTunVKSnKC81r/2uLiUGsfb/EFSReSMTdLOu+xSr?=
 =?us-ascii?Q?rq3YsLdkZScCTo9LjMug77AjvGmUfLvBDnDblG3nri6SN2lq13U2p9NjXJ3a?=
 =?us-ascii?Q?tbubZTZPFC+ZU+XaMN5FbJ93VLKtg3fKe6zFojp/+JY8owVTIP3TV97dD4ym?=
 =?us-ascii?Q?j79WSwqZXrzhMInjMyFq8Z7AYPhrglQm/cvl6OxOoGYmgX4HG/ErvDG0XkOB?=
 =?us-ascii?Q?+In7JcANLdH03XsiK6e3kKX3ahIYryLL4qbvW2zy1I2tT3TPkQ2lQoH1uofc?=
 =?us-ascii?Q?hpkGr9t6OYDbtzlB9vZegGLDNu7sdQPVy57WRYsPE/q7i4pIGEXDopepw0jV?=
 =?us-ascii?Q?0fugizme8ourhSJ4wArYzrk6EdEV0hfFBzhlHdN4jlJfpYMT4Qd3WTfU0IyD?=
 =?us-ascii?Q?O0riyFNDUK1/KMKVWhLgavdcnmpJu0BsBWbjYM27fWgk6wnjTNICZPTJSRs7?=
 =?us-ascii?Q?+rOEjjuq2G018pNClszDGFVvqd60SwrTb7u/0gEoCe9gTvljdkh6aOoZ2mPP?=
 =?us-ascii?Q?2OyITNakb55ZpnsQn9GGKqGJJKavxZxnm02kKmB2XlLIyzyWwVw+lDdAY3kY?=
 =?us-ascii?Q?oHZgvrtgFCUG5Sra9JRLB7wmjsJTs92Togu9CK6t84+re9xUnehXjd7M+Q4I?=
 =?us-ascii?Q?S376XdpMhoFNa7C1YcgoS3MkNfBGMQ6epx6MOEZlqZi8MfGfGJJnB87ybNTJ?=
 =?us-ascii?Q?V36rpSrMJkkFJZ7X6InsfHYDr9i/UgdyE8oML8gHv/UDvMtuoGfl4qZ8cjLB?=
 =?us-ascii?Q?eNwPdypGEaNfZ+othoF9rH1O1UYM/zu305y9qmN9Zr4NgGOImtK7HXFe/YqL?=
 =?us-ascii?Q?3MGchTQ7vZMnq+RjbvyZvnUyU9iURWR91dIvI0EVOYxU3Pt6++DM1pyEsjGM?=
 =?us-ascii?Q?fcdtUlEmMQiYjYg3aSzHUYjNaB07taPLQFmgHiNQftdd8nUkdmYx2curheDt?=
 =?us-ascii?Q?KL2VPPy/oYcMFXiAzdJcdzqIy0DHsjUZldi5lcngxFfdc3CF0CDbw3dPflRf?=
 =?us-ascii?Q?aE5tgLu/1ku+E76yQW10JwccP+3yNxVVJY5lsTYTF/uOQsZYQQlxNaD/RArp?=
 =?us-ascii?Q?WNXF/i1twV7o8AQbvbRsLtOSm0XYozfrOg3MWq0mc0bH/pEgiZcnnu9riAOs?=
 =?us-ascii?Q?eib6FyVvSaNNRTUlyTH3ERQCnfwJnX7mLrHVTHxAbmbTYJd/mAJWKeHXtJ/7?=
 =?us-ascii?Q?yQPnkKZ9zSFlDtnhEFU1d/Ojf9tQ7iNVp+LfXtr20PosK8XA6c8MmIz5c1Q9?=
X-MS-Exchange-AntiSpam-MessageData-1: 
 yvD4u4VTA/R7RbHmtb2R7V7agWOf7J+xToKNrunCgH7gSTFSMqKqJdFj
X-OriginatorOrg: cyberus-technology.de
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 f3884eb4-4a19-4292-9088-08de746c703b
X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB1973.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2026 12:50:22.3516
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f4e0f4e0-9d68-4bd6-a95b-0cba36dbac2e
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 YQpa4kfnCPkVdkMdq8PtNYwgD5w74nQZ+q7gVCMIdwnecvE0SFgsCscwRA/k8rpcY5Dmv6m747m/oroxCltX2lCpd7VN6OyLP06gLjzv7h/QuTGQXnliLGpJJS2t8ErO
X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR2P281MB0073
Message-ID-Hash: OOSWGAPIBJXT77746PUYBN5RKGGLU6CS
X-Message-ID-Hash: OOSWGAPIBJXT77746PUYBN5RKGGLU6CS
X-MailFrom: stefan.kober@cyberus-technology.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-devel.lists.libvirt.org-0; emergency;
 member-moderation; nonmember-moderation; administrivia; implicit-dest;
 max-recipients; max-size; news-moderation; no-subject; digests;
 suspicious-header
CC: Stefan Kober <stefan.kober@cyberus-technology.de>
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/OOSWGAPIBJXT77746PUYBN5RKGGLU6CS/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Owner: <mailto:devel-owner@lists.libvirt.org>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: pass (identity @cyberus-technology.de)
X-ZM-MESSAGEID: 1772023871064158500
Content-Type: text/plain; charset="utf-8"

We have a g_autoptr ret in the virIdentityGetSystem function. In the
happy path it is properly returned by doing: return g_steal_pointer(&ret);

There are 2 early return paths, were we do the following: "return ret;"

This leads to the g_autoptr being cleaned up after we leave the
function, as we do not properly "steal" it.

When later using the return value we have a use-after-free, which has
led to segfaults in some cases.

As this is a regression introduced in
1280a631ef488aeaab905eb30a55899ef8ba97be, we change the behavior to
properly return NULL in those cases.

On-behalf-of: SAP stefan.kober@sap.com
Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/util/viridentity.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index b7b88056ac..8e59179a20 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -328,14 +328,14 @@ virIdentity *virIdentityGetSystem(void)
         return NULL;
=20
     if (!(username =3D virGetUserName(geteuid())))
-        return ret;
+        return NULL;
     if (virIdentitySetUserName(ret, username) < 0)
         return NULL;
     if (virIdentitySetUNIXUserID(ret, getuid()) < 0)
         return NULL;
=20
     if (!(groupname =3D virGetGroupName(getegid())))
-        return ret;
+        return NULL;
     if (virIdentitySetGroupName(ret, groupname) < 0)
         return NULL;
     if (virIdentitySetUNIXGroupID(ret, getgid()) < 0)
--=20
2.53.0