On 09/12/2012 04:44 PM, Martin Kletzander wrote:
> When generating RPC protocol messages, it's strictly needed to have
> continuous line of numbers or RPC messages. However in case anyone
> tries backporting some functionality and will skip a number, there is
> a possibility to make the daemon segfault with newer virsh (version of
> the library, rpc call, etc.) even unintentionally.
>
> The problem is that the skipped numbers will get func filled with
> NULLs, but there is no check whether these are set before the daemon
> tries to run them. This patch very simply enhances one check and fixes
> that.
> ---
>  src/rpc/virnetserverprogram.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)

Given that this fixes CVE-2012-4423, I have gone and backported it to
v0.9.6-maint and v0.9.11-maint.

https://bugzilla.redhat.com/show_bug.cgi?id=857135

-- 
Eric Blake   eblake@xxxxxxxxxx    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
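The failure mode described in the quoted commit message, as an added example that is not code from the patch or from libvirt: a procedure table indexed by RPC number, where a skipped number leaves a zero-filled slot, looked up once with only a range check and once with the handler check added. The type, function and table names are hypothetical and the table contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical handler type and table; names are assumptions, not libvirt's. */
typedef int (*rpc_handler)(const char *args);
struct rpc_proc { rpc_handler func; const char *name; };

static int do_open(const char *a)  { (void)a; return 10; }
static int do_close(const char *a) { (void)a; return 30; }

/* Constructed table: numbers 0 and 2 have no entry, so func there is NULL. */
static const struct rpc_proc procs[] = {
    [1] = { do_open,  "open"  },
    [3] = { do_close, "close" },
};
#define NPROCS (sizeof(procs) / sizeof(procs[0]))

/* Range check only: a skipped number still yields a slot with func == NULL. */
static const struct rpc_proc *lookup_range_only(unsigned int n)
{
    return n < NPROCS ? &procs[n] : NULL;
}

/* Range check plus handler check: a gap is reported as an unknown procedure. */
static const struct rpc_proc *lookup_checked(unsigned int n)
{
    if (n >= NPROCS || !procs[n].func)
        return NULL;
    return &procs[n];
}

/* Returns the handler's result, or -1 instead of calling through NULL. */
static int dispatch(unsigned int n, const char *args)
{
    const struct rpc_proc *p = lookup_checked(n);
    return p ? p->func(args) : -1;
}

int main(void)
{
    const struct rpc_proc *gap = lookup_range_only(2);
    printf("range-only lookup of 2: slot=%s func=%s\n",
           gap ? "found" : "none", gap && gap->func ? "set" : "NULL");
    printf("dispatch: 1 -> %d, 2 -> %d, 9 -> %d\n",
           dispatch(1, ""), dispatch(2, ""), dispatch(9, ""));
    return 0;
}
```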