Re: [v0.9.12-maint 06/11] rpc: Fix crash on error paths of message dispatching

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/11/13 16:00, Peter Krempa wrote:
                   ^^^^^^^^^^^^

Guido, you should recofigure your git-send-email or other mailer so that
it sends patches in your name with a separate "From:" line in the body.
This now looks as if I've sent the mail which is not the case.

Peter

> This patch resolves CVE-2013-0170:
> https://bugzilla.redhat.com/show_bug.cgi?id=893450
> 
> When reading and dispatching of a message failed the message was freed
> but wasn't removed from the message queue.
> 
> After that when the connection was about to be closed the pointer for
> the message was still present in the queue and it was passed to
> virNetMessageFree which tried to call the callback function from an
> uninitialized pointer.
> 
> This patch removes the message from the queue before it's freed.
> 
> * rpc/virnetserverclient.c: virNetServerClientDispatchRead:
>     - avoid use after free of RPC messages
> 
> (cherry picked from commit 46532e3e8ed5f5a736a02f67d6c805492f9ca720)
> ---


Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]