diff options
| author | Richard Henderson <richard.henderson@linaro.org> | 2024-08-27 07:06:42 +1000 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2024-08-27 07:06:42 +1000 |
| commit | afaee42f777bc359db95f692804f7fc7e12c0c02 (patch) | |
| tree | 152e3f50f9a97f908dbcff420127956fcc3edc1e | |
| parent | 594ff839486fca7d588e2a11e70515193ce3a9f0 (diff) | |
| parent | 3874f5f73c441c52f1c699c848d463b0eda01e4c (diff) | |
| download | focaccia-qemu-afaee42f777bc359db95f692804f7fc7e12c0c02.tar.gz focaccia-qemu-afaee42f777bc359db95f692804f7fc7e12c0c02.zip | |
Merge tag 'pull-nbd-2024-08-26' of https://repo.or.cz/qemu/ericb into staging
NBD patches for 2024-08-26 - One more patch for CVE-2024-7409 (use-after-free on nbd-server-stop) # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmbMh9MACgkQp6FrSiUn # Q2ovfAf/TyHYtJUwSAQ3dgn4PlTym4FqN8CXa+EJQR9xSLJ5jAX3QgLBieUiIT31 # AFr9W6eqWNz4NksbeoHdwZVqUlkGJFsfiyTOK93k4/fYQdTbqSHPwo2FYlOXqdJB # bZN10zEvd7YRMrxTjGyPxNFCm2iIMZy8uEerOrY9hV1PVULHg6u3Pu8a6El4BK8k # k5S0SwluTkUkBLbqtEC6fHjdfFFr/dC8IB11Ly8FdxKHixIaUTVsZ20guNM0Q5Ca # kU2em2PcroDq3B0x3linD3xh3pVmlHdb4H+9runmGPnpJj5wjPL35aDzlU7GCT3B # kEGX5VzOJOJUXoHVyYrvJCD4I7YgMw== # =ZDYx # -----END PGP SIGNATURE----- # gpg: Signature made Mon 26 Aug 2024 11:49:07 PM AEST # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] * tag 'pull-nbd-2024-08-26' of https://repo.or.cz/qemu/ericb: nbd/server: CVE-2024-7409: Avoid use-after-free when closing server Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| -rw-r--r-- | blockdev-nbd.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/blockdev-nbd.c b/blockdev-nbd.c index f73409ae49..b36f41b7c5 100644 --- a/blockdev-nbd.c +++ b/blockdev-nbd.c @@ -92,10 +92,13 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, static void nbd_update_server_watch(NBDServerData *s) { - if (!s->max_connections || s->connections < s->max_connections) { - qio_net_listener_set_client_func(s->listener, nbd_accept, NULL, NULL); - } else { - qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL); + if (s->listener) { + if (!s->max_connections || s->connections < s->max_connections) { + qio_net_listener_set_client_func(s->listener, nbd_accept, NULL, + NULL); + } else { + qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL); + } } } @@ -113,6 +116,7 @@ static void nbd_server_free(NBDServerData *server) */ qio_net_listener_disconnect(server->listener); object_unref(OBJECT(server->listener)); + server->listener = NULL; QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) { qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH, NULL); |