Skip to content
Snippets Groups Projects
Commit 4fbc990b authored by Laurent Léonard's avatar Laurent Léonard
Browse files

New patch security-plug-regression-introduced-in-disk-probe-lo.patch

Closes: #629128
parent b0ad4049
No related branches found
No related tags found
No related merge requests found
From: Eric Blake <eblake@redhat.com>
Date: Thu, 26 May 2011 08:18:46 -0600
Subject: security: plug regression introduced in disk probe logic
Regression introduced in commit d6623003 (v0.8.8) - using the
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFormatProbing member of struct
_virSecurityManager. This reopens disk probing, which was
supposed to be prevented by the solution to CVE-2010-2238.
Origin: upstream, http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=709769
Bug-Debian: http://bugs.debian.org/629128
---
src/security/security_manager.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 0246dd8..6f0becd 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
{
- return ((char*)mgr) + sizeof(mgr);
+ /* This accesses the memory just beyond mgr, which was allocated
+ * via VIR_ALLOC_VAR earlier. */
+ return mgr + 1;
}
--
......@@ -8,3 +8,4 @@ Disable-CHECKSUM-rule.patch
Debianize-libvirt-guests.patch
virsh-Initialize-library-before-calling-virResetLast.patch
Disable-daemon-start-test.patch
security-plug-regression-introduced-in-disk-probe-lo.patch
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment