Re: [PATCH] storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath

Adding libvirt-security since I forgot when sending the patch. On Wed, Jul 21, 2021 at 11:27:41 +0200, Peter Krempa wrote: > 'virStoragePoolObjListSearch' returns a locked and refed object, thus we > must release it on ACL permission failure. > > Fixes: 7aa0e8c0cb8 > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318 > Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt; > --- > Technically a security issue since it DoS-es the objects a user doesn't > have access to for users which do have access. > > Posting to standard devel list since the bugzilla above is public. > > src/storage/storage_driver.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c > index c2ff4b8d06..6aa10d89f6 100644 > --- a/src/storage/storage_driver.c > +++ b/src/storage/storage_driver.c > @@ -1738,8 +1738,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn, > storagePoolLookupByTargetPathCallback, > cleanpath))) { > def = virStoragePoolObjGetDef(obj); > - if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) > + if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) { > + virStoragePoolObjEndAPI(&obj); > return NULL; > + } > > pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL); > virStoragePoolObjEndAPI(&obj); > -- > 2.31.1 >