9b367aafd3
db7a5688-CVE-2013-4311.patch, e65667c0-CVE-2013-4311.patch, 922b7fda-CVE-2013-4311.patch, e4697b92-CVE-2013-4311.patch bnc#836931 - CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats e7f400a1-CVE-2013-4296.patch bnc#838638 - CVE-2013-4297: Fix crash in virFileNBDDeviceAssociate 2dba0323-CVE-2013-4297.patch bnc#838642 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=299
36 lines
1.3 KiB
Diff
36 lines
1.3 KiB
Diff
commit e7f400a110e2e3673b96518170bfea0855dd82c0
|
|
Author: Daniel P. Berrange <berrange@redhat.com>
|
|
Date: Tue Sep 3 16:52:06 2013 +0100
|
|
|
|
Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
|
|
|
|
The 'stats' variable was not initialized to NULL, so if some
|
|
early validation of the RPC call fails, it is possible to jump
|
|
to the 'cleanup' label and VIR_FREE an uninitialized pointer.
|
|
This is a security flaw, since the API can be called from a
|
|
readonly connection which can trigger the validation checks.
|
|
|
|
This was introduced in release v0.9.1 onwards by
|
|
|
|
commit 158ba8730e44b7dd07a21ab90499996c5dec080a
|
|
Author: Daniel P. Berrange <berrange@redhat.com>
|
|
Date: Wed Apr 13 16:21:35 2011 +0100
|
|
|
|
Merge all returns paths from dispatcher into single path
|
|
|
|
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
|
Index: libvirt-1.1.2/daemon/remote.c
|
|
===================================================================
|
|
--- libvirt-1.1.2.orig/daemon/remote.c
|
|
+++ libvirt-1.1.2/daemon/remote.c
|
|
@@ -1146,7 +1146,7 @@ remoteDispatchDomainMemoryStats(virNetSe
|
|
remote_domain_memory_stats_ret *ret)
|
|
{
|
|
virDomainPtr dom = NULL;
|
|
- struct _virDomainMemoryStat *stats;
|
|
+ struct _virDomainMemoryStat *stats = NULL;
|
|
int nr_stats;
|
|
size_t i;
|
|
int rv = -1;
|