mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 22:55:23 +00:00
Crash of libvirtd by unprivileged user in virConnectListAllInterfaces
On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote: > Hi Security Team, > > I've discovered a way for an unprivileged user with a readonly connection > to libvirtd, to crash the daemon. Ok, the final patch for this is issue will be the simpler variant that Eric suggested The embargo can be considered to be lifted on Monday July 1st, at 0900 UTC The following is the GIT change that DV or myself will apply to libvirt GIT master immediately before the 1.1.0 release: >From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange@redhat.com> Date: Fri, 28 Jun 2013 10:48:37 +0100 Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with filters The virConnectListAllInterfaces method has a double-free of the 'struct netcf_if' object when any of the filtering flags cause an interface to be skipped over. For example when running the command 'virsh iface-list --inactive' This is a regression introduced in release 1.0.6 by commit7ac2c4fe62
Author: Guannan Ren <gren@redhat.com> Date: Tue May 21 21:29:38 2013 +0800 interface: list all interfaces with flags == 0 Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit244e0b8cf1
)
This commit is contained in:
parent
38edb034c6
commit
67a2f4c6d8
@ -365,6 +365,7 @@ netcfConnectListAllInterfaces(virConnectPtr conn,
|
||||
(MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) &&
|
||||
(status & NETCF_IFACE_INACTIVE)))) {
|
||||
ncf_if_free(iface);
|
||||
iface = NULL;
|
||||
continue;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user