35 lines
1.0 KiB
Diff
35 lines
1.0 KiB
Diff
|
From f38c8185f97720ecae7ef2291fbaa5d6b0209e17 Mon Sep 17 00:00:00 2001
|
||
|
|
Message-Id: <f38c8185f97720ecae7ef2291fbaa5d6b0209e17.1373575119.git.crobinso@redhat.com>
|
||
|
|
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
||
|
|
Date: Tue, 2 Jul 2013 15:17:09 +0200
|
||
|
|
Subject: [PATCH] Fix crash when multiple event callbacks were registered
|
||
|
|
|
||
|
|
CVE-2013-2230
|
||
|
|
|
||
|
|
Don't overwrite the callback ID returned by
|
||
|
|
virDomainEventStateRegisterID in ret by 0.
|
||
|
|
|
||
|
|
Introduced by abf75aea.
|
||
|
|
---
|
||
|
|
src/qemu/qemu_driver.c | 4 +---
|
||
|
|
1 file changed, 1 insertion(+), 3 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
||
|
|
index 571d1f8..b0180c9 100644
|
||
|
|
--- a/src/qemu/qemu_driver.c
|
||
|
|
+++ b/src/qemu/qemu_driver.c
|
||
|
|
@@ -10043,9 +10043,7 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn,
|
||
|
|
driver->domainEventState,
|
||
|
|
dom, eventID,
|
||
|
|
callback, opaque, freecb, &ret) < 0)
|
||
|
|
- goto cleanup;
|
||
|
|
-
|
||
|
|
- ret = 0;
|
||
|
|
+ ret = -1;
|
||
|
|
|
||
|
|
cleanup:
|
||
|
|
return ret;
|
||
|
|
--
|
||
|
|
1.8.3.1
|
||
|
|
|