[ovs-git] [openvswitch/ovs] a52149: raft: Fix use-after-free error in raft_store_snaps...

GitHub noreply at github.com
Tue Aug 7 19:25:13 UTC 2018


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: a521491bc53fa494d08707399cbab764a931d406
      https://github.com/openvswitch/ovs/commit/a521491bc53fa494d08707399cbab764a931d406
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-08-07 (Tue, 07 Aug 2018)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft: Fix use-after-free error in raft_store_snapshot().

raft_store_snapshot() constructs a new snapshot in a local variable then
destroys the current snapshot and replaces it by the new one.  Until now,
it has not cloned the data in the new snapshot until it did the
replacement.  This led to the unexpected consequence that, if 'servers' in
the old and new snapshots was the same, then it would first be freed and
later cloned, which could cause a segfault.

Multiple people reported the crash.  Gurucharan Shetty provided a
reproduction case.

Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Mark Michelson <mmichels at redhat.com>



      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.


More information about the git mailing list