[pve-devel] [PATCH lxc 1/2] patch: conf: set pty_info to NULL after free

[Wolfgang Bumiller]

This is upstream and will be in the next release.
---
 ...0001-conf-set-pty_info-to-NULL-after-free.patch | 30 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 debian/patches/0001-conf-set-pty_info-to-NULL-after-free.patch

diff --git a/debian/patches/0001-conf-set-pty_info-to-NULL-after-free.patch b/debian/patches/0001-conf-set-pty_info-to-NULL-after-free.patch
new file mode 100644
index 0000000..795ad9c
--- /dev/null
+++ b/debian/patches/0001-conf-set-pty_info-to-NULL-after-free.patch
@@ -0,0 +1,30 @@
+From e00c024230e457a0f37ea5c90bd8caac0c30020e Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller at proxmox.com>
+Date: Thu, 28 Jul 2016 11:52:18 +0200
+Subject: [PATCH] conf: set pty_info to NULL after free
+
+This fixes a double free corruption on container-requested
+reboots when lxc_spawn() fails before receiving the ttys, as
+lxc_fini() (part of __lxc_start()'s cleanup) calls
+lxc_delete_tty().
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
+---
+ src/lxc/conf.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 48a2978..1e330ac 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -3327,6 +3327,7 @@ void lxc_delete_tty(struct lxc_tty_info *tty_info)
+ 	}
+ 
+ 	free(tty_info->pty_info);
++	tty_info->pty_info = NULL;
+ 	tty_info->nbtty = 0;
+ }
+ 
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 3737812..72bfbb4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ include-linux-sched.patch
 use-var-lib-vz-as-default-dir.patch
 #do-not-use-config-path-for-rootfs.patch
 run-lxcnetaddbr.patch
+0001-conf-set-pty_info-to-NULL-after-free.patch
-- 
2.1.4