network: Don't crash on domain destroy

https://bugzilla.redhat.com/show_bug.cgi?id=1434882

Imagine the following scenario:

1) virsh net-start default
2) virsh start myFavouriteDomain
3) virsh net-destroy default
4) virsh destroy myFavouriteDomain

(assuming myFavouriteDomain has an interface from default
network)

Regardless of how unlikely this scenario looks like, we should
not crash. The problem is, on net-destroy in
networkShutdownNetworkVirtual() the virMacMap module is unrefed,
but the stale pointer is kept around. Thus when the domain
destroy procedure comes in, networkReleaseActualDevice() and
subsequently networkMacMgrDel() is called. This function sees the
stale pointer and starts calling the virMacMap module APIs which
work over freed memory.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 3270dc50074ea71084fdef092b673cd6814df6c3..ef982363b408dac35bb724b25fb32cd2cf9444bb 100644 (file)
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2490,7 +2490,8 @@ networkShutdownNetworkVirtual(virNetworkDriverStatePtr driver,
     if (network->def->bandwidth)
         virNetDevBandwidthClear(network->def->bridge);
 
-    virObjectUnref(network->macmap);
+    if (!virObjectUnref(network->macmap))
+        network->macmap = NULL;
 
     if (network->radvdPid > 0) {
         char *radvdpidbase;