From nobody Mon Feb 9 23:01:02 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1529373571425164.906853844985; Mon, 18 Jun 2018 18:59:31 -0700 (PDT) Received: from localhost ([::1]:38439 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fV5va-0003IP-EE for importer@patchew.org; Mon, 18 Jun 2018 21:59:26 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45212) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fV5hQ-00010S-SQ for qemu-devel@nongnu.org; Mon, 18 Jun 2018 21:44:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fV5hM-00082y-0b for qemu-devel@nongnu.org; Mon, 18 Jun 2018 21:44:48 -0400 Received: from mail-oi0-x22f.google.com ([2607:f8b0:4003:c06::22f]:35622) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fV5hL-00082n-RR; Mon, 18 Jun 2018 21:44:43 -0400 Received: by mail-oi0-x22f.google.com with SMTP id e8-v6so16712101oii.2; Mon, 18 Jun 2018 18:44:43 -0700 (PDT) Received: from localhost (76-251-165-188.lightspeed.austtx.sbcglobal.net. [76.251.165.188]) by smtp.gmail.com with ESMTPSA id 5-v6sm7128300oid.50.2018.06.18.18.44.41 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 18 Jun 2018 18:44:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=24r6pz3b2UB9j7jdv4JlcbZq1czr6mU3n1Z/FUITnnA=; b=An633lVM1slnvzWd79udni8IjzkqUY/wDXHSQeM1fZRQXQ4w1TuGNduqNg7ieGTVFb u7kSY8gg/FrvtGA4zZa4kE6g74VJeWbnKnEL9kct86LZujBnnJXofk1acAyqvswgqufS ZoP4sHUYwKvDBGG94xqM4A6WFm5HvS7aoA/eaiBWTBXZkxfSZ6uEYtB/rzyHsCXORUbJ qMMqzeF5+odhqYyePje3v2lGkQjvWTlopccMGPAggm8vK2ZVe51bAvBJpmvTsSSjERIV U2M4UMcC2YCha4MW01HhdYvjKD5VGvV6zhj5EGwbRZ6SuHZhiQ8sq4BOs3f3d3TXNZSN OlPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=24r6pz3b2UB9j7jdv4JlcbZq1czr6mU3n1Z/FUITnnA=; b=gTH8hAFwwQZ7+sEBNezt09cjZuDkH3r759jmntXEZ3qAAV4w/PgQo4KM1ydB+U/G6r SARB6Y3yR2JHShFCIRU3AsZ/FTbjlMZ/1LCCfZNX9Ykpy9cwTDT1xnw9bFpschA6jVWG GZNLjoJHYaV6UEdff4alGnvlvORpo2cX9RvQ7nCk5aajjRpkhEV9QuVIWBdJ3RGbGT6m CnC8h3LSIMLLCzB0wJqC8xCBb+W5N4mOZgjCnDXj0nCDLkGnc4iJOsvM9+2Tlw1kPnmC rM08nEOnCAYCfk1Z9jXNVBzvuujm3UTcgMwG0PBhHQHRYXZxZ0Cg/UwPt9iXRlh5nXZP QQtA== X-Gm-Message-State: APt69E1shD5i+JX0/jGCQ8J3NDWTU/tp2h3U3MnRB+VRfbF3vNcQLLLi ctRYsQ+TPR/NLsUbbsoJqeRRH9eI X-Google-Smtp-Source: ADUXVKKQrnm40GQgC1BG1iLS0g9R2laYQmGuafgHrq3scccx6x5tg4aEl2W3Md285RyyVDQvCCjpig== X-Received: by 2002:aca:907:: with SMTP id 7-v6mr8719695oij.300.1529372682668; Mon, 18 Jun 2018 18:44:42 -0700 (PDT) From: Michael Roth To: qemu-devel@nongnu.org Date: Mon, 18 Jun 2018 20:41:45 -0500 Message-Id: <20180619014319.28272-20-mdroth@linux.vnet.ibm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180619014319.28272-1-mdroth@linux.vnet.ibm.com> References: <20180619014319.28272-1-mdroth@linux.vnet.ibm.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4003:c06::22f Subject: [Qemu-devel] [PATCH 019/113] rbd: Fix use after free in qemu_rbd_set_keypairs() error path X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-stable@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Kevin Wolf If we want to include the invalid option name in the error message, we can't free the string earlier than that. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Reviewed-by: Eric Blake (cherry picked from commit 71c87815f9e0386b6f3e22942adc956fd603c82f) Signed-off-by: Michael Roth --- block/rbd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/block/rbd.c b/block/rbd.c index a76a5e8755..2de434dfdd 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -265,13 +265,14 @@ static int qemu_rbd_set_keypairs(rados_t cluster, con= st char *keypairs_json, key =3D qstring_get_str(name); =20 ret =3D rados_conf_set(cluster, key, qstring_get_str(value)); - QDECREF(name); QDECREF(value); if (ret < 0) { error_setg_errno(errp, -ret, "invalid conf option %s", key); + QDECREF(name); ret =3D -EINVAL; break; } + QDECREF(name); } =20 QDECREF(keypairs); --=20 2.11.0