From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 8 Jul 2011 11:33:52 +0000 (+0100)
Subject: Fix potential crash in libvirtd with active streams
X-Git-Tag: v0.9.4-rc1~274
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e5d48ef33224a915bb2afd7933fbec3c2b232ba;p=thirdparty%2Flibvirt.git

Fix potential crash in libvirtd with active streams

If a client disconnects while it has a stream active, there is
a race condition which could see libvirtd crash. This is because
the client struct may be freed before the last stream event has
triggered. This is trivially solved by holding an extra reference
on the client for the stream callbak

* daemon/stream.c: Acquire reference on client when adding the
  stream callback
---

diff --git a/daemon/stream.c b/daemon/stream.c
index 56d79c2b6c..28f6c326d7 100644
--- a/daemon/stream.c
+++ b/daemon/stream.c
@@ -104,6 +104,15 @@ daemonStreamMessageFinished(virNetMessagePtr msg,
     daemonStreamUpdateEvents(stream);
 }
 
+
+static void
+daemonStreamEventFreeFunc(void *opaque)
+{
+    virNetServerClientPtr client = opaque;
+
+    virNetServerClientFree(client);
+}
+
 /*
  * Callback that gets invoked when a stream becomes writable/readable
  */
@@ -361,9 +370,11 @@ int daemonAddClientStream(virNetServerClientPtr client,
     }
 
     if (virStreamEventAddCallback(stream->st, 0,
-                                  daemonStreamEvent, client, NULL) < 0)
+                                  daemonStreamEvent, client,
+                                  daemonStreamEventFreeFunc) < 0)
         return -1;
 
+    virNetServerClientRef(client);
     if ((stream->filterID = virNetServerClientAddFilter(client,
                                                         daemonStreamFilter,
                                                         stream)) < 0) {