22 Jul
2021
22 Jul
'21
12:26 p.m.
On 7/21/21 11:27 AM, Peter Krempa wrote:
'virStoragePoolObjListSearch' returns a locked and refed object, thus we must release it on ACL permission failure.
Fixes: 7aa0e8c0cb8 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318 Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- Technically a security issue since it DoS-es the objects a user doesn't have access to for users which do have access.
Posting to standard devel list since the bugzilla above is public.
src/storage/storage_driver.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal