
Re: [Qemu-trivial] [PATCH] vnc: clear vs->tlscreds after unparenting it


From: Gerd Hoffmann
Subject: Re: [Qemu-trivial] [PATCH] vnc: clear vs->tlscreds after unparenting it
Date: Tue, 12 Jan 2016 15:26:42 +0100

On Di, 2016-01-12 at 13:52 +0100, Wolfgang Bumiller wrote:
> This pointer should be cleared in vnc_display_close()
> otherwise a use-after-free can happen when using the
> old style 'x509' and 'tls' options rather than a persistent
> tls-creds -object, by issuing monitor commands to change
> the vnc server like so:
> 
> Start with: -vnc unix:test.socket,x509,tls
> Then use the following monitor command:
>   change vnc unix:test.socket
> 
> After this the pointer is still set but invalid and a crash
> can be triggered for instance by issuing the same command a
> second time which will try to object_unparent() the same
> pointer again.

Added to patch queue.

thanks,
  Gerd
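
A minimal model of the dangling-pointer pattern described in the quoted commit message, added here as an illustration; it is not taken from the QEMU source or from the patch. All names (`creds_model`, `display_model`, `model_unparent`, `model_display_close`) are hypothetical, and the object is only marked finalized rather than freed so the stale access can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical credentials object: finalization is recorded, nothing is freed. */
struct creds_model {
    bool finalized;     /* set by the first unparent */
    int stale_accesses; /* unparent calls that arrived after finalization */
};

/* Hypothetical display state that holds the pointer. */
struct display_model { struct creds_model *tlscreds; };

/* A call on an already finalized object stands for touching freed memory. */
static void model_unparent(struct creds_model *c)
{
    if (c->finalized) {
        c->stale_accesses++;
    }
    c->finalized = true;
}

/* Close path, with or without clearing the pointer after unparenting. */
static void model_display_close(struct display_model *vs, bool clear_ptr)
{
    if (vs->tlscreds) {
        model_unparent(vs->tlscreds);
        if (clear_ptr) {
            vs->tlscreds = NULL; /* the fix named in the subject line */
        }
    }
}

/* Two closes in a row, as issuing the "change vnc" command twice would cause. */
static int stale_accesses_after_two_closes(bool clear_ptr)
{
    struct creds_model creds = { false, 0 };
    struct display_model vs = { &creds };
    model_display_close(&vs, clear_ptr);
    model_display_close(&vs, clear_ptr);
    return creds.stale_accesses;
}

int main(void)
{
    printf("pointer kept:    %d\n", stale_accesses_after_two_closes(false));
    printf("pointer cleared: %d\n", stale_accesses_after_two_closes(true));
    return 0;
}
```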



