On 01/13/2014 08:24 AM, Jiri Denemark wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1047577 > > When writing commit 173c291, I missed the fact virNetServerClientClose > unlocks the client object before actually clearing client->sock and thus > it is possible to hit a window when client->keepalive is NULL while > client->sock is not NULL. I was thinking client->sock == NULL was a > better check for a closed connection but apparently we have to go with > client->keepalive == NULL to actually fix the crash. By the way, commit 173c291 and this commit together fix CVE-2014-1447. I'll be working on backporting it to appropriate branches. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list