[ovs-git] [openvswitch/ovs] 40bacf: raft: Fix use-after-free error in raft_store_snaps...

GitHub noreply at github.com
Tue Aug 7 19:25:25 UTC 2018


  Branch: refs/heads/branch-2.10
  Home:   https://github.com/openvswitch/ovs
  Commit: 40bacfd528a6fab88c61f905ff5bcc54696574c1
      https://github.com/openvswitch/ovs/commit/40bacfd528a6fab88c61f905ff5bcc54696574c1
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-08-07 (Tue, 07 Aug 2018)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft: Fix use-after-free error in raft_store_snapshot().

raft_store_snapshot() constructs a new snapshot in a local variable then
destroys the current snapshot and replaces it by the new one.  Until now,
it has not cloned the data in the new snapshot until it did the
replacement.  This led to the unexpected consequence that, if 'servers' in
the old and new snapshots was the same, then it would first be freed and
later cloned, which could cause a segfault.

Multiple people reported the crash.  Gurucharan Shetty provided a
reproduction case.

Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Mark Michelson <mmichels at redhat.com>
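
The ordering problem described in the log message above, as an added example that is not part of the commit or the OVS source. It is a simplified model: `struct snap`, its string fields, and every function name are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for a snapshot; not the struct used in ovsdb/raft.c. */
struct snap {
    char *servers;              /* heap-owned */
    char *data;                 /* heap-owned */
};

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    return memcpy(p, s, n);
}

static void snap_uninit(struct snap *s) {
    free(s->servers);
    free(s->data);
    s->servers = s->data = NULL;
}

/* Order described as the bug: destroy the current snapshot, then clone.
 * If new_->servers is the same pointer as cur->servers, dup_str() reads
 * memory that snap_uninit() just freed. Shown for contrast; never called. */
void store_snapshot_free_then_clone(struct snap *cur, const struct snap *new_) {
    snap_uninit(cur);
    cur->servers = dup_str(new_->servers);   /* use-after-free when aliased */
    cur->data = dup_str(new_->data);
}

/* Safe order: clone everything while the old data is still alive. */
void store_snapshot_clone_then_free(struct snap *cur, const struct snap *new_) {
    struct snap copy = { dup_str(new_->servers), dup_str(new_->data) };
    snap_uninit(cur);
    *cur = copy;
}

/* Constructed aliased case: the new snapshot reuses the current 'servers'. */
int demo_aliased_update(void) {
    char fresh[] = "new-data";
    struct snap cur = { dup_str("s1,s2,s3"), dup_str("old-data") };
    struct snap new_ = { cur.servers, fresh };
    store_snapshot_clone_then_free(&cur, &new_);
    int ok = !strcmp(cur.servers, "s1,s2,s3") && !strcmp(cur.data, "new-data");
    snap_uninit(&cur);
    return ok;
}

int main(void) { return demo_aliased_update() ? 0 : 1; }
```

Building the free-then-clone variant with AddressSanitizer and feeding it the same aliased input is a quick way to confirm this class of bug in review.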


