File nbd-server-Deactivate-handshake-timer-be.patch of Package qemu.37352

From: Fabiano Rosas <farosas@suse.de>
Date: Tue, 18 Feb 2025 20:29:49 -0300
Subject: nbd/server: Deactivate handshake timer before freeing (bsc#1229007)

Keeping the handshake timer in the timer list causes a use-after-free
whenever aio_dispatch() runs the timers from the aio context.

Remove the timer from the active timers list before freeing.

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fixes: ae288e58c2159110658a103ff422bd2344a62480
(cherry picked from commit 07f60f5c33c020f32aa413112622aee315d5678d)
References: bsc#1229007
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
---
 nbd/server.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nbd/server.c b/nbd/server.c
index 3e7812930a1241257be110860132..199b4821549f485d3eabcad328b0 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -2607,11 +2607,13 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
         if (local_err) {
             error_report_err(local_err);
         }
+        timer_del(handshake_timer);
         timer_free(handshake_timer);
         client_close(client, false);
         return;
     }
 
+    timer_del(handshake_timer);
     timer_free(handshake_timer);
     nbd_client_receive_next_request(client);
 }
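Review bot: the identical `timer_del(handshake_timer);` / `timer_free(handshake_timer);` pair is now duplicated in the error-exit block and on the normal path at the end of nbd_co_client_start; a single shared cleanup (one exit label or a small helper that deletes then frees) would make it harder for a future exit path to free the timer without first removing it from the active list, which is exactly the use-after-free this change closes. A one-line comment above the first `timer_del` stating that the timer must be deactivated before its memory is released (because aio_dispatch() may still run it from the AioContext) would also help, since a reader could otherwise assume `timer_free` alone is sufficient and drop the call again.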