Overview

File bsc#1232613-0001-Fix-executor-avoid-use-after-free-upon-shutdown.patch of Package pacemaker.38493

From 596e7d60b156c2f8429646c2fc47787610953f17 Mon Sep 17 00:00:00 2001
From: "Gao,Yan" <ygao@suse.com>
Date: Tue, 5 Nov 2024 15:16:22 +0100
Subject: [PATCH] Fix: executor: avoid use-after-free upon shutdown

Upon shutdown of executor, lrmd_drain_alerts() calls
pcmk_drain_main_loop() which calls g_main_context_iteration(). If
there's a pending SIGCHLD signal, it will be processed by
crm_signal_dispatch() -> child_death_dispatch() -> child_waitpid() ->
services__finalize_async_op() -> action_complete(), which accesses the
hash table "rsc_list".

Previously "rsc_list" was destroyed before lrmd_drain_alerts(), which
would cause use-after-free.
---
 daemons/execd/pacemaker-execd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/execd/pacemaker-execd.c b/daemons/execd/pacemaker-execd.c
index 6044a4bce4..3ee88878b3 100644
--- a/daemons/execd/pacemaker-execd.c
+++ b/daemons/execd/pacemaker-execd.c
@@ -295,12 +295,13 @@ lrmd_exit(gpointer data)
 #endif
 
     pcmk__client_cleanup();
-    g_hash_table_destroy(rsc_list);
 
     if (mainloop) {
         lrmd_drain_alerts(mainloop);
     }
 
+    g_hash_table_destroy(rsc_list);
+
     crm_exit(CRM_EX_OK);
     return FALSE;
 }
-- 
2.43.0
openSUSE Build Service is sponsored by
Places