Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe
parent
49899b2218
commit
d9ebdd3bce
|
@ -0,0 +1,51 @@
|
|||
From 66aaaf1af42d6f1e9f9b75bd1514c0c097e244e6 Mon Sep 17 00:00:00 2001
|
||||
From: Jiri Denemark <jdenemar@redhat.com>
|
||||
Date: Fri, 25 Mar 2011 16:45:45 +0100
|
||||
Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=690733
|
||||
|
||||
Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
|
||||
*Free) is called before remoteDispatchConnError() is called on error.
|
||||
However, the patch missed two instances.
|
||||
(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
|
||||
---
|
||||
daemon/remote.c | 6 ++++--
|
||||
1 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/daemon/remote.c b/daemon/remote.c
|
||||
index abf9cf3..8a25f05 100644
|
||||
--- a/daemon/remote.c
|
||||
+++ b/daemon/remote.c
|
||||
@@ -4531,12 +4531,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
ret->names.names_len =
|
||||
virStoragePoolListVolumes (pool,
|
||||
ret->names.names_val, args->maxnames);
|
||||
- virStoragePoolFree(pool);
|
||||
if (ret->names.names_len == -1) {
|
||||
VIR_FREE(ret->names.names_val);
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virStoragePoolFree(pool);
|
||||
return -1;
|
||||
}
|
||||
+ virStoragePoolFree(pool);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -4560,11 +4561,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
ret->num = virStoragePoolNumOfVolumes (pool);
|
||||
- virStoragePoolFree(pool);
|
||||
if (ret->num == -1) {
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virStoragePoolFree(pool);
|
||||
return -1;
|
||||
}
|
||||
+ virStoragePoolFree(pool);
|
||||
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
1.7.3.4
|
||||
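Review bot: Neither error branch says why `virStoragePoolFree(pool)` now has to follow `remoteDispatchConnError(rerr, conn)`, so the ordering this patch restores in remoteDispatchStoragePoolListVolumes and remoteDispatchStoragePoolNumOfVolumes could be undone by a later tidy-up that hoists the free back above the check. The commit message gives the reason (no other libvirt API, especially a *Free call, may run before the error is reported); a comment above each `if`, such as `/* Report the error before any other libvirt call; *Free() would reset it. */`, would keep that constraint next to the code. As a matter of style, the two `virStoragePoolFree(pool)` calls per function could presumably become one if the result were held in a local and the pool freed once after the error report. Both function bodies start outside the hunks, so earlier exit paths cannot be checked from this page; since the message says the previous fix missed these two instances, the rest of daemon/remote.c is worth rechecking for the same pattern.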
|
File diff suppressed because it is too large
12
libvirt.spec
|
@ -185,7 +185,7 @@
|
|||
Summary: Library providing a simple API virtualization
|
||||
Name: libvirt
|
||||
Version: 0.8.2
|
||||
Release: 4%{?dist}%{?extra_release}
|
||||
Release: 5%{?dist}%{?extra_release}
|
||||
License: LGPLv2+
|
||||
Group: Development/Libraries
|
||||
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
|
||||
|
@ -206,6 +206,10 @@ Patch12: libvirt-0.8.2-apply-iptables-sport-mapping.patch
|
|||
# CVE-2011-1146
|
||||
Patch13: libvirt-0.8.2-read-only-checks.patch
|
||||
Patch14: libvirt-0.8.2-fix-var-lib-libvirt-permissions.patch
|
||||
# Patches 15, 16 CVE-2011-1486
|
||||
Patch15: libvirt-0.8.2-threadsafe-libvirtd-error-reporting.patch
|
||||
Patch16: libvirt-0.8.2-avoid-resetting-errors.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
URL: http://libvirt.org/
|
||||
BuildRequires: python-devel
|
||||
|
@ -455,6 +459,8 @@ of recent versions of Linux (and other OSes).
|
|||
%patch12 -p1
|
||||
%patch13 -p0
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
|
||||
%build
|
||||
%if ! %{with_xen}
|
||||
|
@ -942,6 +948,10 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Apr 4 2011 Laine Stump <laine@redhat.com> 0.8.2-5
|
||||
- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
|
||||
bug 693457
|
||||
|
||||
* Mon Apr 4 2011 Laine Stump <laine@redhat.com> 0.8.2-4
|
||||
- fix permissions on /var/lib/libvirt
|
||||
|
||||
|
|