2011/6/2 Eric Blake <eblake@xxxxxxxxxx>:
> On 05/31/2011 05:35 PM, Eric Blake wrote:
>> Regression introduced in commit d6623003 (v0.8.8) - using the
>> wrong sizeof operand meant that security manager private data
>> was overlaying the allowDiskFormatProbing member of struct
>> _virSecurityManager.  This reopens disk probing, which was
>> supposed to be prevented by the solution to CVE-2010-2238.
>>
>> * src/security/security_manager.c
>> (virSecurityManagerGetPrivateData): Use correct offset.
>> ---
>>  src/security/security_manager.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
>> index 0246dd8..833c1a2 100644
>> --- a/src/security/security_manager.c
>> +++ b/src/security/security_manager.c
>> @@ -107,7 +107,7 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name, >> >> Âvoid *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr) >> Â{ >> - Â Âreturn ((char*)mgr) + sizeof(mgr); >> + Â Âreturn ((char*)mgr) + sizeof(*mgr);
>
> I suppose I could have used:
>
> return mgr + 1;
>
> instead, since that gives the same address with less typing.  Any
> preferences on which form to commit?
>

I'd say go with the more readable mgr + 1.

Matthias

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
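
Review bot: On the changed return line in virSecurityManagerGetPrivateData, the private-data offset is still bare pointer arithmetic with no comment, which is the pattern that let sizeof(mgr) (the size of a pointer) stand in for sizeof(*mgr) in the first place. A one-line comment stating that the driver's private data begins immediately after struct _virSecurityManager, or the mgr + 1 form raised in the thread, would make the layout assumption explicit. The hunk does not show the allocation, so it is worth confirming that it sizes the block from sizeof(*mgr) as well, so that accessor and allocator cannot drift apart. Since the commit message ties the regression to CVE-2010-2238, a test asserting that allowDiskFormatProbing keeps its value after a driver writes its private data would catch a recurrence.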
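
The overlay described in the commit message, reproduced as an added example (not libvirt's code and not part of the original thread). `struct mgr`, the function names, the 16-byte private size and the 0x01 fill are all constructed for illustration; the layout assumes the flag directly follows a single pointer member.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a manager struct followed in the same
 * allocation by driver-private data. Not libvirt's definition. */
struct mgr {
    const void *drv;
    bool allow_probing;   /* security-relevant flag */
};

/* Pre-fix form: sizeof(m) is the size of a pointer, not of the struct. */
void *priv_buggy(struct mgr *m) { return (char *)m + sizeof(m); }

/* Post-fix form; m + 1 is the same address as (char *)m + sizeof(*m). */
void *priv_fixed(struct mgr *m) { return m + 1; }

/* Byte offset from the start of the struct to the private data. */
size_t priv_offset(void *(*get_priv)(struct mgr *))
{
    struct mgr m = { 0 };
    return (size_t)((char *)get_priv(&m) - (char *)&m);
}

/* Create a manager with probing disabled, let a "driver" fill its
 * private data, then report the flag the rest of the code would see. */
bool probing_after_driver_init(void *(*get_priv)(struct mgr *), size_t priv_size)
{
    struct mgr *m = calloc(1, sizeof(*m) + priv_size);
    if (!m)
        abort();
    m->allow_probing = false;
    memset(get_priv(m), 0x01, priv_size);   /* driver writes its state */
    bool seen = m->allow_probing;
    free(m);
    return seen;
}

int main(void)
{
    printf("buggy: offset %zu, probing=%d\n", priv_offset(priv_buggy),
           probing_after_driver_init(priv_buggy, 16));
    printf("fixed: offset %zu, probing=%d\n", priv_offset(priv_fixed),
           probing_after_driver_init(priv_fixed, 16));
    return 0;
}
```

With the pointer-sized offset, the private data starts at the flag's own offset, so a driver initialising its state silently turns probing back on.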