Commit 1c9a023b authored by Guido Günther

libvirt_proxy: Fix use of uninitialized memory

We currently don't build this code (CVE-2009-0036).
parent 5c9dfd7d
From: Rasputin <rasputin@email.ru>
Date: Tue, 27 Jan 2009 21:33:12 +0300
Subject: [PATCH] libvirt_proxy: Fix use of uninitalized memory
On short read, members of packet header are checked before actually read.
If uninitialized values can pass the test, they can be set to arbitrary
values while reading remaining portion of a packet.
Buffer overflow is possible. libvirt_proxy is suid-root.
CVE-2009-0036
---
proxy/libvirt_proxy.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/proxy/libvirt_proxy.c b/proxy/libvirt_proxy.c
index 3b0dc42..8657f62 100644
--- a/proxy/libvirt_proxy.c
+++ b/proxy/libvirt_proxy.c
@@ -385,7 +385,8 @@ retry:
fprintf(stderr, "read %d bytes from client %d on socket %d\n",
ret, nr, pollInfos[nr].fd);
- if ((req->version != PROXY_PROTO_VERSION) ||
+ if ((ret != sizeof(virProxyPacket)) ||
+ (req->version != PROXY_PROTO_VERSION) ||
(req->len < sizeof(virProxyPacket)) ||
(req->len > sizeof(virProxyFullPacket)))
goto comm_error;
--
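Review bot: The added `(ret != sizeof(virProxyPacket))` test compares `ret`, which the `fprintf` above prints with `%d` and so appears to be a signed int, against a `size_t`. A negative return still fails the test after conversion, but that relies on the implicit conversion; an explicit `ret < 0` branch or a cast would make the intent clear and avoid a sign-compare warning. The equality is only correct if the read above this hunk requests exactly `sizeof(virProxyPacket)` bytes, which is not visible here and is worth confirming. The commit message says the header fields can be overwritten while the remaining portion of the packet is read, so the later read sized from `req->len` should check its own byte count before any field of `req` is trusted again. A one-line comment above the condition saying that a short header read is treated as a communication error would document why the length test comes first.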
......@@ -6,3 +6,4 @@
0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch
0007-don-t-fail-on-missing-locales.patch
0008-Don-t-hardcode-ssh-port.patch
0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch
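Review bot: The new series entry `0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch` does not carry the CVE identifier in its file name, while the existing `0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch` does. Adding `CVE-2009-0036` to the name would keep security fixes easy to find when auditing the patch series, and the rename is a chance to correct the "uninitalized" spelling.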