[ovs-git] [openvswitch/ovs] 9281e4: raft: Fix use-after-free error in raft_store_snaps...

GitHub noreply at github.com
Tue Aug 7 19:25:30 UTC 2018


  Branch: refs/heads/branch-2.9
  Home:   https://github.com/openvswitch/ovs
  Commit: 9281e47eb430351070d46c62da6f6624fa2c8453
      https://github.com/openvswitch/ovs/commit/9281e47eb430351070d46c62da6f6624fa2c8453
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-08-07 (Tue, 07 Aug 2018)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft: Fix use-after-free error in raft_store_snapshot().

raft_store_snapshot() constructs a new snapshot in a local variable then
destroys the current snapshot and replaces it by the new one.  Until now,
it has not cloned the data in the new snapshot until it did the
replacement.  This led to the unexpected consequence that, if 'servers' in
the old and new snapshots was the same, then it would first be freed and
later cloned, which could cause a segfault.

Multiple people reported the crash.  Gurucharan Shetty provided a
reproduction case.

Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Mark Michelson <mmichels at redhat.com>



      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.


More information about the git mailing list