pool/libvirt
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- CVE-2013-4399: Fix crash in libvirtd when events are registered

Browse Source 
and ACLs active
  8294aa0c-CVE-2013-4399.patch
  bnc#844052

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=307
This commit is contained in:
James Fehlig 2013-10-15 02:35:05 +00:00 committed by Git OBS Bridge
parent 2b3f0e1499
commit 4f9e403a41
3 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
8294aa0c-CVE-2013-4399.patch Normal file
View File

@ -0,0 +1,48 @@
commit 8294aa0c1750dcb49d6345cd9bd97bf421580d8b
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Fri Sep 27 15:46:07 2013 +0100
Fix crash in libvirtd when events are registered & ACLs active
When a client disconnects from libvirtd, all event callbacks
must be removed. This involves running the public API
virConnectDomainEventDeregisterAny
This code does not run in normal API dispatch context, so no
identity was set. The result was that the access control drivers
denied the attempt to deregister callbacks. The callbacks thus
continued to trigger after the client was free'd causing fairly
predictable use of free memory & a crash.
This can be triggered by any client with readonly access when
the ACL drivers are active.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.1.2/daemon/remote.c
===================================================================
--- libvirt-1.1.2.orig/daemon/remote.c
+++ libvirt-1.1.2/daemon/remote.c
@@ -666,8 +666,11 @@ void remoteClientFreeFunc(void *data)
/* Deregister event delivery callback */
if (priv->conn) {
+ virIdentityPtr sysident = virIdentityGetSystem();
size_t i;
+ virIdentitySetCurrent(sysident);
+
for (i = 0; i < VIR_DOMAIN_EVENT_ID_LAST; i++) {
if (priv->domainEventCallbackID[i] != -1) {
VIR_DEBUG("Deregistering to relay remote events %zu", i);
@@ -678,6 +681,9 @@ void remoteClientFreeFunc(void *data)
}
virConnectClose(priv->conn);
+
+ virIdentitySetCurrent(NULL);
+ virObjectUnref(sysident);
}
VIR_FREE(priv);

8
libvirt.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Oct 14 20:33:43 MDT 2013 - jfehlig@suse.com
- CVE-2013-4399: Fix crash in libvirtd when events are registered
and ACLs active
8294aa0c-CVE-2013-4399.patch
bnc#844052
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 14 16:40:25 MDT 2013 - jfehlig@suse.com Mon Oct 14 16:40:25 MDT 2013 - jfehlig@suse.com

2
libvirt.spec
View File

@ -409,6 +409,7 @@ Patch2: db7a5688-CVE-2013-4311.patch
Patch3: e65667c0-CVE-2013-4311.patch Patch3: e65667c0-CVE-2013-4311.patch
Patch4: 922b7fda-CVE-2013-4311.patch Patch4: 922b7fda-CVE-2013-4311.patch
Patch5: e4697b92-CVE-2013-4311.patch Patch5: e4697b92-CVE-2013-4311.patch
Patch6: 8294aa0c-CVE-2013-4399.patch
# Need to go upstream # Need to go upstream
Patch100: xen-name-for-devid.patch Patch100: xen-name-for-devid.patch
Patch101: clone.patch Patch101: clone.patch
@ -913,6 +914,7 @@ of recent versions of Linux (and other OSes).
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
%patch100 -p1 %patch100 -p1
%patch101 %patch101
%patch102 -p1 %patch102 -p1