[PATCH] security: plug regression introduced in disk probe logic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Regression introduced in commit d6623003 (v0.8.8) - using the
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFOrmatProbing member of struct
_virSecurityManager.  This reopens disk probing, which was
supposed to be prevented by the solution to CVE-2010-2238.

* src/security/security_manager.c
(virSecurityManagerGetPrivateData): Use correct offset.
---
 src/security/security_manager.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 0246dd8..833c1a2 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -107,7 +107,7 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,

 void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
 {
-    return ((char*)mgr) + sizeof(mgr);
+    return ((char*)mgr) + sizeof(*mgr);
 }


-- 
1.7.4.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]