Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe, bug 693457
This commit is contained in:
parent
dedb223721
commit
2915aa73af
|
@ -0,0 +1,51 @@
|
||||||
|
From 2c2ae4c48c7e57fd233f1b9475fb6ecbab04804a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jiri Denemark <jdenemar@redhat.com>
|
||||||
|
Date: Fri, 25 Mar 2011 16:45:45 +0100
|
||||||
|
Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=690733
|
||||||
|
|
||||||
|
Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
|
||||||
|
*Free) is called before remoteDispatchConnError() is called on error.
|
||||||
|
However, the patch missed two instances.
|
||||||
|
(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
|
||||||
|
---
|
||||||
|
daemon/remote.c | 6 ++++--
|
||||||
|
1 files changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/daemon/remote.c b/daemon/remote.c
|
||||||
|
index 554e75e..159430e 100644
|
||||||
|
--- a/daemon/remote.c
|
||||||
|
+++ b/daemon/remote.c
|
||||||
|
@@ -4868,12 +4868,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
|
||||||
|
ret->names.names_len =
|
||||||
|
virStoragePoolListVolumes (pool,
|
||||||
|
ret->names.names_val, args->maxnames);
|
||||||
|
- virStoragePoolFree(pool);
|
||||||
|
if (ret->names.names_len == -1) {
|
||||||
|
VIR_FREE(ret->names.names_val);
|
||||||
|
remoteDispatchConnError(rerr, conn);
|
||||||
|
+ virStoragePoolFree(pool);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
+ virStoragePoolFree(pool);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -4897,11 +4898,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
|
||||||
|
}
|
||||||
|
|
||||||
|
ret->num = virStoragePoolNumOfVolumes (pool);
|
||||||
|
- virStoragePoolFree(pool);
|
||||||
|
if (ret->num == -1) {
|
||||||
|
remoteDispatchConnError(rerr, conn);
|
||||||
|
+ virStoragePoolFree(pool);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
+ virStoragePoolFree(pool);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.7.3.4
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
11
libvirt.spec
11
libvirt.spec
|
@ -204,12 +204,15 @@
|
||||||
Summary: Library providing a simple virtualization API
|
Summary: Library providing a simple virtualization API
|
||||||
Name: libvirt
|
Name: libvirt
|
||||||
Version: 0.8.8
|
Version: 0.8.8
|
||||||
Release: 3%{?dist}%{?extra_release}
|
Release: 4%{?dist}%{?extra_release}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
|
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
|
||||||
Patch1: %{name}-%{version}-kernel-boot-index.patch
|
Patch1: %{name}-%{version}-kernel-boot-index.patch
|
||||||
Patch2: %{name}-%{version}-read-only-checks.patch
|
Patch2: %{name}-%{version}-read-only-checks.patch
|
||||||
|
# Patches 5, 6 CVE-2011-1486
|
||||||
|
Patch3: %{name}-%{version}-threadsafe-libvirtd-error-reporting.patch
|
||||||
|
Patch4: %{name}-%{version}-avoid-resetting-errors.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||||
URL: http://libvirt.org/
|
URL: http://libvirt.org/
|
||||||
BuildRequires: python-devel
|
BuildRequires: python-devel
|
||||||
|
@ -458,6 +461,8 @@ of recent versions of Linux (and other OSes).
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if ! %{with_xen}
|
%if ! %{with_xen}
|
||||||
|
@ -977,6 +982,10 @@ fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.8-4
|
||||||
|
- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
|
||||||
|
bug 693457
|
||||||
|
|
||||||
* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-3
|
* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-3
|
||||||
- fix a lack of API check on read-only connections 683655
|
- fix a lack of API check on read-only connections 683655
|
||||||
- CVE-2011-1146
|
- CVE-2011-1146
|
||||||
|
|
Loading…
Reference in New Issue