rbd: Fix use after free in qemu_rbd_set_keypairs() error path
If we want to include the invalid option name in the error message, we
can't free the string earlier than that.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 71c87815f9
)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
stable-2.11
parent
6f36bd3969
commit
4f81878152
|
@ -265,13 +265,14 @@ static int qemu_rbd_set_keypairs(rados_t cluster, const char *keypairs_json,
|
|||
key = qstring_get_str(name);
|
||||
|
||||
ret = rados_conf_set(cluster, key, qstring_get_str(value));
|
||||
QDECREF(name);
|
||||
QDECREF(value);
|
||||
if (ret < 0) {
|
||||
error_setg_errno(errp, -ret, "invalid conf option %s", key);
|
||||
QDECREF(name);
|
||||
ret = -EINVAL;
|
||||
break;
|
||||
}
|
||||
QDECREF(name);
|
||||
}
|
||||
|
||||
QDECREF(keypairs);
|
||||
|
|
Loading…
Reference in New Issue