Re: [PATCH v2] Fix libvirtd crash possibility

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/12/2012 04:44 PM, Martin Kletzander wrote:
> When generating RPC protocol messages, it's strictly needed to have
> continuousline of numbers or RPC messages. However in case anyone
> tries backporting some functionality and will skip a number, there is
> a possibility to make the daemon segfault with newer virsh (version of
> the library, rpc call, etc.) even unintentionally.
> 
> The problem is that the skipped numbers will get func filled with
> NULLs, but there is no check whether these are set before the daemon
> tries to run them. This patch very simply enhances one check and fixes
> that.
> ---
>  src/rpc/virnetserverprogram.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)

Given that this fixes CVE-2012-4423, I have gone and backported it to
v0.9.6-maint and v0.9.11-maint.
https://bugzilla.redhat.com/show_bug.cgi?id=857135

-- 
Eric Blake   eblake@xxxxxxxxxx    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]