File pacemaker#3293-0001-Low-libcrmcluster-avoid-use-after-free-in-trace-log.patch of Package pacemaker.34783
From fa2830b1c4acf061faa40490620eb63c48a56a2b Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 13 Dec 2023 17:01:01 -0600
Subject: [PATCH] Low: libcrmcluster: avoid use-after-free in trace log
---
lib/cluster/membership.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/cluster/membership.c b/lib/cluster/membership.c
index f856ccaca..6958e65f2 100644
--- a/lib/cluster/membership.c
+++ b/lib/cluster/membership.c
@@ -143,11 +143,23 @@ crm_remote_peer_get(const char *node_name)
return node;
}
+/*!
+ * \brief Remove a node from the Pacemaker Remote node cache
+ *
+ * \param[in] node_name Name of node to remove from cache
+ *
+ * \note The caller must be careful not to use \p node_name after calling this
+ * function if it might be a pointer into the cache entry being removed.
+ */
void
crm_remote_peer_cache_remove(const char *node_name)
{
- if (g_hash_table_remove(crm_remote_peer_cache, node_name)) {
- crm_trace("removed %s from remote peer cache", node_name);
+ /* Do a lookup first, because node_name could be a pointer within the entry
+ * being removed -- we can't log it *after* removing it.
+ */
+ if (g_hash_table_lookup(crm_remote_peer_cache, node_name) != NULL) {
+ crm_trace("Removing %s from Pacemaker Remote node cache", node_name);
+ g_hash_table_remove(crm_remote_peer_cache, node_name);
}
}
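Review bot: The existence test in `crm_remote_peer_cache_remove()` uses `g_hash_table_lookup(...) != NULL`, which tests the stored value rather than whether the key is present. `if (g_hash_table_contains(crm_remote_peer_cache, node_name)) {` states the intent directly and would not skip removal of an entry whose value is NULL. Logging before the removal keeps the trace message from reading freed memory, but the lifetime hazard for callers is covered only by the new `\note`. Callers that pass a pointer into the cache entry (inferred from the note, none are visible in this hunk) must still not touch that pointer after the call returns, so they are worth auditing. The doc block could also state the miss case, for example `\note This function does nothing if \p node_name is not in the cache.`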
--
2.35.3