Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe, bug 693457
This commit is contained in:
parent
dedb223721
commit
2915aa73af
|
@ -0,0 +1,51 @@
|
|||
From 2c2ae4c48c7e57fd233f1b9475fb6ecbab04804a Mon Sep 17 00:00:00 2001
|
||||
From: Jiri Denemark <jdenemar@redhat.com>
|
||||
Date: Fri, 25 Mar 2011 16:45:45 +0100
|
||||
Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=690733
|
||||
|
||||
Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
|
||||
*Free) is called before remoteDispatchConnError() is called on error.
|
||||
However, the patch missed two instances.
|
||||
(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
|
||||
---
|
||||
daemon/remote.c | 6 ++++--
|
||||
1 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/daemon/remote.c b/daemon/remote.c
|
||||
index 554e75e..159430e 100644
|
||||
--- a/daemon/remote.c
|
||||
+++ b/daemon/remote.c
|
||||
@@ -4868,12 +4868,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
ret->names.names_len =
|
||||
virStoragePoolListVolumes (pool,
|
||||
ret->names.names_val, args->maxnames);
|
||||
- virStoragePoolFree(pool);
|
||||
if (ret->names.names_len == -1) {
|
||||
VIR_FREE(ret->names.names_val);
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virStoragePoolFree(pool);
|
||||
return -1;
|
||||
}
|
||||
+ virStoragePoolFree(pool);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -4897,11 +4898,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
ret->num = virStoragePoolNumOfVolumes (pool);
|
||||
- virStoragePoolFree(pool);
|
||||
if (ret->num == -1) {
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virStoragePoolFree(pool);
|
||||
return -1;
|
||||
}
|
||||
+ virStoragePoolFree(pool);
|
||||
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
1.7.3.4
|
||||
|
File diff suppressed because it is too large
Load Diff
11
libvirt.spec
11
libvirt.spec
|
@ -204,12 +204,15 @@
|
|||
Summary: Library providing a simple virtualization API
|
||||
Name: libvirt
|
||||
Version: 0.8.8
|
||||
Release: 3%{?dist}%{?extra_release}
|
||||
Release: 4%{?dist}%{?extra_release}
|
||||
License: LGPLv2+
|
||||
Group: Development/Libraries
|
||||
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
|
||||
Patch1: %{name}-%{version}-kernel-boot-index.patch
|
||||
Patch2: %{name}-%{version}-read-only-checks.patch
|
||||
# Patches 5, 6 CVE-2011-1486
|
||||
Patch3: %{name}-%{version}-threadsafe-libvirtd-error-reporting.patch
|
||||
Patch4: %{name}-%{version}-avoid-resetting-errors.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
URL: http://libvirt.org/
|
||||
BuildRequires: python-devel
|
||||
|
@ -458,6 +461,8 @@ of recent versions of Linux (and other OSes).
|
|||
%setup -q
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
%if ! %{with_xen}
|
||||
|
@ -977,6 +982,10 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.8-4
|
||||
- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
|
||||
bug 693457
|
||||
|
||||
* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-3
|
||||
- fix a lack of API check on read-only connections 683655
|
||||
- CVE-2011-1146
|
||||
|
|
Loading…
Reference in New Issue