git.ipfire.org Git - thirdparty/lxc.git/commit

author	Tycho Andersen <tycho@tycho.ws>
	Thu, 15 Mar 2018 15:29:27 +0000 (15:29 +0000)
committer	Tycho Andersen <tycho@tycho.ws>
	Thu, 15 Mar 2018 15:29:27 +0000 (15:29 +0000)
commit	a3b4f3d68054eb31b86a7192bfc8ffabba011bff
tree	5790001246f50e32fe9b1e728c5771eb705aa2ca	tree
parent	93936fbc7b5ebafa8058ff102d5310bff87832f1	commit \| diff

fix handler use-after-free

The problem here is that __lxc_start frees the handler, so any use
afterwards is invalid. Since we don't have access to the actual struct
lxc_container object in __lxc_start, let's pass a pointer to error_num in
so it can be returned.

Unfortunately, I'm a little too paranoid to change the return type of
lxc_start, since it returns failure if some of the cleanup fails, which
may be useful in some cases. So let's keep this out of band.

Closes #2218
Closes #2219

Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

src/lxc/execute.c		diff \| blob \| blame \| history
src/lxc/lxc.h		diff \| blob \| blame \| history
src/lxc/lxccontainer.c		diff \| blob \| blame \| history
src/lxc/start.c		diff \| blob \| blame \| history
src/lxc/start.h		diff \| blob \| blame \| history