isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix potential use-after-free when calling iolog_flush_all().

Browse Source 
We need to call iolog_flush_all() _before_ scheduling the commit point.
If we fail to schedule to commit point, the closure will be freed.
Coverity CID 220557
This commit is contained in:
Todd C. Miller
2021-10-19 11:57:32 -06:00
parent 5eebc30987
commit 02e77e656b
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
logsrvd/logsrvd.c
View File

@@ -1160,15 +1160,15 @@ server_commit_cb(int unused, int what, void *v)
TimeSpec commit_point = TIME_SPEC__INIT;
debug_decl(server_commit_cb, SUDO_DEBUG_UTIL);
/* Flush I/O logs before sending commit point if needed. */
if (!iolog_get_flush())
iolog_flush_all(closure);
commit_point.tv_sec = closure->elapsed_time.tv_sec;
commit_point.tv_nsec = closure->elapsed_time.tv_nsec;
if (!schedule_commit_point(&commit_point, closure))
connection_close(closure);
/* Flush I/O logs before sending commit point if needed. */
if (!iolog_get_flush())
iolog_flush_all(closure);
debug_return;
}