On 08/16/2013 04:32 AM, Peter Krempa wrote: > The virBitmapParse function was calling virBitmapIsSet() function that > requires the caller to check the bounds of the bitmap without checking > them. This resulted into crashes when parsing a bitmap string that was > exceeding the bounds used as argument. > > This patch refactors the function to use virBitmapSetBit without > checking if the bit is set (this function does the checks internally) > and then counts the bits in the bitmap afterwards (instead of keeping > track while parsing the string). > > This patch also changes the "parse_error" label to a more common > "error". > > The refactor should also get rid of the need to call sa_assert on the > returned variable as the callpath should allow coverity to infer the > possible return values. > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367 > > Thanks to Alex Jia for tracking down the issue. > --- > src/util/virbitmap.c | 38 +++++++++++++++----------------------- > 1 file changed, 15 insertions(+), 23 deletions(-) This patch is the fix for CVE-2013-5651. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list