On 12/10/2014 01:25 AM, Martin Kletzander wrote: > When user doesn't have read access on one of the domains he requested, > the for loop could exit abruptly or continue and override pointer which > pointed to locked object. > > This patch fixed two issues at once. One is that domflags might have > had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this > is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the > job was acquired and cleaning domflags on every start of the loop. > Second one is that the domain is kept locked when > virConnectGetAllDomainStatsCheckACL() fails and continues the loop when > it didn't end. Adding a simple virObjectUnlock() and clearing the > pointer ought to do. > > Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx> > --- > > Since this is very low priority and it was mistakenly disclosed in > another patch there is no embargo on this CVE. Patches to maint > branches will be pushed after back-porting (couple of minutes). > > Having said that, I am probably not the right one to write up the > libvirt security notice, but I'll try drafting one, eventually. I can help with the security notices, as we have several other CVEs that will also be plugged in time for 1.2.11. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list