fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-14 18:58:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

initrd: fix use-after-free when multiple iBFT entries fail

Browse source 
The error variable is declared outside the loop but freed with
g_error_free() which does not reset the pointer to NULL. On the
next iteration, g_set_error() sees a non-NULL *err (dangling pointer)
and error->message dereferences freed memory.

Use g_clear_error() instead which also resets the pointer.

Found by Coverity (CID: USE_AFTER_FREE).

Fixes: ecc074b2f8 ('initrd: add command line parser')

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
(cherry picked from commit 33871478b7)
This commit is contained in:
Jan Vaclav 2026-04-07 13:17:16 +02:00
parent dbd323ce81
commit 09fa1dc8b4
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/nm-initrd-generator/nmi-cmdline-reader.c
View file

@ -409,7 +409,7 @@ reader_read_all_connections_from_fw(Reader *reader, const char *sysfs_dir)
if (!nmi_ibft_update_connection_from_nic(connection, nic, &error)) {
_LOGW(LOGD_CORE, "Unable to merge iBFT configuration: %s", error->message);
g_error_free(error);
g_clear_error(&error);
continue;
}