mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-03 11:35:19 +00:00
Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
The 'stats' variable was not initialized to NULL, so if some early validation of the RPC call fails, it is possible to jump to the 'cleanup' label and VIR_FREE an uninitialized pointer. This is a security flaw, since the API can be called from a readonly connection which can trigger the validation checks. This was introduced in release v0.9.1 onwards by commit158ba8730e
Author: Daniel P. Berrange <berrange@redhat.com> Date: Wed Apr 13 16:21:35 2011 +0100 Merge all returns paths from dispatcher into single path Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commite7f400a110
) Conflicts: daemon/remote.c - context
This commit is contained in:
parent
bbdbe1905a
commit
9579f4576c
@ -1165,7 +1165,7 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED,
|
|||||||
remote_domain_memory_stats_ret *ret)
|
remote_domain_memory_stats_ret *ret)
|
||||||
{
|
{
|
||||||
virDomainPtr dom = NULL;
|
virDomainPtr dom = NULL;
|
||||||
struct _virDomainMemoryStat *stats;
|
struct _virDomainMemoryStat *stats = NULL;
|
||||||
int nr_stats, i;
|
int nr_stats, i;
|
||||||
int rv = -1;
|
int rv = -1;
|
||||||
struct daemonClientPrivate *priv =
|
struct daemonClientPrivate *priv =
|
||||||
|
Loading…
Reference in New Issue
Block a user