[CRIU] [PATCH 1/3] cg: Fix use-after-free in put_ctls
Andrew Vagin
avagin at virtuozzo.com
Mon Apr 4 10:08:53 PDT 2016
On Thu, Mar 31, 2016 at 05:39:43PM +0300, Cyrill Gorcunov wrote:
> From: Cyrill Gorcunov <gorcunov at virtuozzo.com>
>
> Since we're freeing list entries don't forget to
> initialize list then, otherwise it gets out with
> free entries and may hit use-after-free bug.
>
> Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
> ---
> criu/proc_parse.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/criu/proc_parse.c b/criu/proc_parse.c
> index 24a9154981db..4522ce67e25a 100644
> --- a/criu/proc_parse.c
> +++ b/criu/proc_parse.c
> @@ -2302,6 +2302,7 @@ void put_ctls(struct list_head *l)
> xfree(c->path);
> xfree(c);
> }
> + INIT_LIST_HEAD(l);
We are not going to use this list head in the future, and
if we do, it will be a bug.
So I think this patch can hide this sort of bug.
> }
>
> /* Parse and create all the real controllers. This does not include things with
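Review bot: the commit message says the list "may hit use-after-free" but does not name the caller that touches the list after put_ctls() returns, so a reader of this hunk cannot tell whether that caller legitimately reuses the list (in which case the added `INIT_LIST_HEAD(l);` is the right fix) or whether the caller itself is the bug (in which case re-initialising the head silently turns a detectable use-after-free into a no-op walk over an empty list). Please add the call site and the reproduction to the changelog; if the list is not meant to be reused, an alternative to consider is leaving the head poisoned so that a later walk fails loudly instead of quietly succeeding.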
> --
> 2.5.5
>