From 3e7d9e54e9ce286fe1bee5d32089cd58d63e5cee Mon Sep 17 00:00:00 2001
From: Jiri Denemark
Date: Fri, 20 Dec 2013 15:04:09 +0100
Subject: [PATCH] qemu: Fix job usage in qemuDomainBlockJobImpl
CVE-2013-6458
Every API that is going to begin a job should do that before fetching data from vm->def.
Conflicts: src/qemu/qemu_driver.c
(cherry picked from commit f93d2caa070f6197ab50d372d286018b0ba6bbd8)
---
src/qemu/qemu_driver.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index b17aa09ae1..f810275894 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -11749,11 +11749,6 @@ qemuDomainBlockJobImpl(virDomainPtr dom, const char *path, const char *base,
 goto cleanup;
 }
- device = qemuDiskPathToAlias(vm, path, &idx);
- if (!device)
- goto cleanup;
- disk = vm->def->disks[idx];
-
 if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
 goto cleanup;
@@ -11763,6 +11758,11 @@ qemuDomainBlockJobImpl(virDomainPtr dom, const char *path, const char *base,
 goto endjob;
 }
+ device = qemuDiskPathToAlias(vm, path, &idx);
+ if (!device)
+ goto endjob;
+ disk = vm->def->disks[idx];
+
 qemuDomainObjEnterMonitorWithDriver(driver, vm);
 /* XXX - libvirt should really be tracking the backing file chain
 * itself, and validating that base is on the chain, rather than
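Review bot: The relocated lookup `device = qemuDiskPathToAlias(vm, path, &idx);` / `disk = vm->def->disks[idx];` in the second hunk carries no comment saying why it must now sit after qemuDomainObjBeginJobWithDriver, so a later refactor can hoist it back above the job call and silently reintroduce the CVE-2013-6458 ordering bug the commit message describes; add `/* Resolve the disk only once the job is held: vm->def may have changed while we waited for it (CVE-2013-6458). */` above the assignment. Note also that `disk` is a pointer into `vm->def->disks`, and if it is still dereferenced after the qemuDomainObjEnterMonitorWithDriver call that follows, which presumably releases the domain lock as libvirt's other monitor helpers do, the same staleness concern applies there and deserves either a re-validation after ExitMonitor or a comment stating why it is safe. Those later uses, the endjob/cleanup labels and both ends of qemuDomainBlockJobImpl lie outside the hunks, so this is an inferred concern rather than a defect visible here.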