2011/6/1 Eric Blake <eblake@xxxxxxxxxx>:
> Regression introduced in commit d6623003 (v0.8.8) - using the
> wrong sizeof operand meant that security manager private data
> was overlaying the allowDiskFOrmatProbing member of struct
s/FOrmat/Format/
> _virSecurityManager. ÂThis reopens disk probing, which was
> supposed to be prevented by the solution to CVE-2010-2238.
>
> * src/security/security_manager.c
> (virSecurityManagerGetPrivateData): Use correct offset.
> ---
> Âsrc/security/security_manager.c | Â Â2 +-
> Â1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 0246dd8..833c1a2 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -107,7 +107,7 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
>
> Âvoid *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
> Â{
> - Â Âreturn ((char*)mgr) + sizeof(mgr);
> + Â Âreturn ((char*)mgr) + sizeof(*mgr);
> Â}
ACK.
Matthias
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list