External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-09-09 09:14:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: plug regression introduced in disk probe logic

Browse Source 
Regression introduced in commit d6623003 (v0.8.8) - using the
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFormatProbing member of struct
_virSecurityManager.  This reopens disk probing, which was
supposed to be prevented by the solution to CVE-2010-2238.

* src/security/security_manager.c
(virSecurityManagerGetPrivateData): Use correct offset.
This commit is contained in:
Eric Blake 2011-05-26 08:18:46 -06:00
parent b43e78f76b
commit b598ac555c
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/security/security_manager.c
View File

@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
{
return ((char*)mgr) + sizeof(mgr);
/* This accesses the memory just beyond mgr, which was allocated
* via VIR_ALLOC_VAR earlier. */
return mgr + 1;
}