mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 14:45:24 +00:00
Fix typo in identity code which is pre-requisite for CVE-2013-4311
The fix for CVE-2013-4311 had a pre-requisite enhancement
to the identity code
commit db7a5688c0
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Thu Aug 22 16:00:01 2013 +0100
Also store user & group ID values in virIdentity
This had a typo which caused the group ID to overwrite the
user ID string. This meant any checks using this would have
the wrong ID value. This only affected the ACL code, not the
initial polkit auth. It also leaked memory.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
0543e0d212
commit
e4697b92ab
@ -678,7 +678,7 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
|
||||
goto cleanup;
|
||||
if (!(groupname = virGetGroupName(gid)))
|
||||
goto cleanup;
|
||||
if (virAsprintf(&userid, "%d", (int)gid) < 0)
|
||||
if (virAsprintf(&groupid, "%d", (int)gid) < 0)
|
||||
goto cleanup;
|
||||
if (virAsprintf(&processid, "%llu",
|
||||
(unsigned long long)pid) < 0)
|
||||
|
Loading…
Reference in New Issue
Block a user