summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorKevin Wolf2020-11-30 11:56:13 +0100
committerDaniel P. Berrangé2021-01-29 18:07:53 +0100
commit668cb74b2af1129349a6c41763bc88d801161e09 (patch)
tree3160d1c4426cd4c1c7a1ececb58b910229ab57aa /crypto
parentcrypto: Move USER_CREATABLE to secret_common base class (diff)
downloadqemu-668cb74b2af1129349a6c41763bc88d801161e09.tar.gz
qemu-668cb74b2af1129349a6c41763bc88d801161e09.tar.xz
qemu-668cb74b2af1129349a6c41763bc88d801161e09.zip
crypto: Forbid broken unloading of secrets
qcrypto_secret_prop_set_loaded() forgets to reset secret->rawdata after unloading a secret, which will lead to a double free at some point. Because there is no use case for unloading an already loaded secret (apart from deleting the whole secret object) and we know that nobody could use this because it would lead to crashes, let's just forbid the operation instead of fixing the unloading. Eventually, we'll want to get rid of 'loaded' in the external interface, but for the meantime this is more consistent with rng, which has a similar property 'opened' that also can't be reset to false after it became true. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/secret_common.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/secret_common.c b/crypto/secret_common.c
index 35b82cb531..714a15d5e5 100644
--- a/crypto/secret_common.c
+++ b/crypto/secret_common.c
@@ -191,9 +191,9 @@ qcrypto_secret_prop_set_loaded(Object *obj,
secret->rawdata = input;
secret->rawlen = inputlen;
- } else {
- g_free(secret->rawdata);
- secret->rawlen = 0;
+ } else if (secret->rawdata) {
+ error_setg(errp, "Cannot unload secret");
+ return;
}
}