From patchwork Wed Dec 13 22:19:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frode Nordahl X-Patchwork-Id: 1875892 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=r0QOJElK; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sr9645RYQz23nm for ; Thu, 14 Dec 2023 09:25:16 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 4989482C5E; Wed, 13 Dec 2023 22:25:09 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 4989482C5E Authentication-Results: smtp1.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=r0QOJElK X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzA_7M-PCzY2; Wed, 13 Dec 2023 22:25:08 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 3226981E20; Wed, 13 Dec 2023 22:25:07 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 3226981E20 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0AF1BC0072; Wed, 13 Dec 2023 22:25:07 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id F3AE9C0037 for ; Wed, 13 Dec 2023 22:25:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id C2BD281E3A for ; Wed, 13 Dec 2023 22:25:05 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org C2BD281E3A X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0HsjJxvk4yOc for ; Wed, 13 Dec 2023 22:25:03 +0000 (UTC) Received: from smtp-relay-canonical-1.canonical.com (smtp-relay-canonical-1.canonical.com [185.125.188.121]) by smtp1.osuosl.org (Postfix) with ESMTPS id 8D1F481E20 for ; Wed, 13 Dec 2023 22:25:03 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 8D1F481E20 Received: from frode-threadripper.. (ti0189a430-2338.bb.online.no [88.90.42.44]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id B0D143F18B; Wed, 13 Dec 2023 22:19:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1702505969; bh=PxnvesNNKxCqPnAsEDTFltnySHOdgkmh2afoOELAJzw=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=r0QOJElK9dHI+zv9Ttz2AF/ksPK4LvKNIE+GEt8/TDgKJ8Hki15VojDyQWCff7itV pYm4vy20DKqPHpJuUbeSJQkp6IIJGcZ973Sz7X8JqikPh5+hTVsmkocibfh9VIg1D/ lfFsaJGkSpXnKvNCwipmAZhxsHadqvo68ML3U74HX9JG2FZRdsVYfrCKuibj9ZINsU L1D8jnG4MZFqMJMAplaBcqJaR5IVHbb+wVI/Odyx1iIWh1uYBe/TDcehAJLEU6oveU 6hrN+jzOhSN4VKTnblY8t96OHTzbxgKWB4YK+xZHRRDsDkM+VTqLP0PT1mpQ2YYssf sjhhKMeYp9/4A== From: Frode Nordahl To: dev@openvswitch.org Date: Wed, 13 Dec 2023 23:19:27 +0100 Message-Id: <20231213221928.3224497-1-frode.nordahl@canonical.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Cc: Ilya Maximets Subject: [ovs-dev] [PATCH 1/2] ovsdb: Fix use after free on schema conversion error. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" In the event a schema conversion aborts, the cleanup code in ovsdb_convert() prior to this patch will remove the in-memory copy of the new database prior to aborting any on-going transactions in that database, consequently leading to a use after free and potential crash. Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.") Signed-off-by: Frode Nordahl --- ovsdb/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ovsdb/file.c b/ovsdb/file.c index 8bd1d4af3..778b4004b 100644 --- a/ovsdb/file.c +++ b/ovsdb/file.c @@ -388,10 +388,10 @@ ovsdb_convert(const struct ovsdb *src, const struct ovsdb_schema *new_schema, return NULL; error: - ovsdb_destroy(dst); if (txn) { ovsdb_txn_abort(txn); } + ovsdb_destroy(dst); *dstp = NULL; return error; }