External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-04 07:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: Fix libvirtd crash possibility

Browse Source 
Fix for CVE-2012-4423.

When generating RPC protocol messages, it's strictly needed to have a
continuous line of numbers or RPC messages. However in case anyone
tries backporting some functionality and will skip a number, there is
a possibility to make the daemon segfault with newer virsh (version of
the library, rpc call, etc.) even unintentionally.

The problem is that the skipped numbers will get func filled with
NULLs, but there is no check whether these are set before the daemon
tries to run them. This patch very simply enhances one check and fixes
that.
This commit is contained in:
Martin Kletzander 2012-09-12 23:43:26 +02:00
parent ac89a611d4
commit b7ff9e6960
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/rpc/virnetserverprogram.c
View File

@ -1,7 +1,7 @@
/*
* virnetserverprogram.c: generic network RPC server program
*
* Copyright (C) 2006-2011 Red Hat, Inc.
* Copyright (C) 2006-2012 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@ -109,12 +109,19 @@ int virNetServerProgramMatches(virNetServerProgramPtr prog,
static virNetServerProgramProcPtr virNetServerProgramGetProc(virNetServerProgramPtr prog,
int procedure)
{
virNetServerProgramProcPtr proc;
if (procedure < 0)
return NULL;
if (procedure >= prog->nprocs)
return NULL;
return &prog->procs[procedure];
proc = &prog->procs[procedure];
if (!proc->func)
return NULL;
return proc;
}
unsigned int