We have a g_autoptr ret in the virIdentityGetSystem function. In the happy path it is properly returned by doing: return g_steal_pointer(&ret);
There are 2 early return paths, were we do the following: "return ret;" This leads to the g_autoptr being cleaned up after we leave the function, as we do not properly "steal" it. When later using the return value we have a use-after-free, which has led to segfaults in some cases. As this is a regression introduced in 1280a631ef488aeaab905eb30a55899ef8ba97be, we change the behavior to properly return NULL in those cases. On-behalf-of: SAP [email protected] Signed-off-by: Stefan Kober <[email protected]> --- src/util/viridentity.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/viridentity.c b/src/util/viridentity.c index b7b88056ac..8e59179a20 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -328,14 +328,14 @@ virIdentity *virIdentityGetSystem(void) return NULL; if (!(username = virGetUserName(geteuid()))) - return ret; + return NULL; if (virIdentitySetUserName(ret, username) < 0) return NULL; if (virIdentitySetUNIXUserID(ret, getuid()) < 0) return NULL; if (!(groupname = virGetGroupName(getegid()))) - return ret; + return NULL; if (virIdentitySetGroupName(ret, groupname) < 0) return NULL; if (virIdentitySetUNIXGroupID(ret, getgid()) < 0) -- 2.53.0
