External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-06 21:15:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
7223766077
libvirt/daemon
History
Jiri Denemark 45d6729f98 daemon: Fix crash in virTypedParameterArrayClear 
CVE-2012-3445, https://bugzilla.redhat.com/show_bug.cgi?id=844745

Daemon uses the following pattern when dispatching APIs with typed
parameters:

    VIR_ALLOC_N(params, nparams);
    virDomain*(dom, params, &nparams, flags);
    virTypedParameterArrayClear(params, nparams);

In case nparams was originally set to 0, virDomain* API would fill it
with the number of typed parameters it can provide and we would use this
number (rather than zero) to clear params. Because VIR_ALLOC* returns
non-NULL pointer even if size is 0, the code would end up walking
through random memory. If we were lucky enough and the memory contained
7 (VIR_TYPED_PARAM_STRING) at the right place, we would try to free a
random pointer and crash.

Let's make sure params stays NULL when nparams is 0.
(cherry picked from commit 6039a2cb49)
2012-08-01 16:28:53 -06:00
..
libvirtd.aug Fix mistakes in augeas lens 2012-06-14 18:23:20 -04:00
libvirtd.c Reject any non-option command line arguments 2012-06-14 18:22:51 -04:00
libvirtd.conf Standardize whitespace used in example config files 2012-06-14 18:22:52 -04:00
libvirtd.h API: make declaration of _LAST enum values conditional 2012-01-20 16:05:51 -07:00
libvirtd.init.in daemon: Remove deprecated HAL from init script dependencies 2012-03-02 16:32:37 +01:00
libvirtd.logrotate.in Add logrotate support for libvirtd.log 2011-03-04 22:43:55 +08:00
libvirtd.lxc.logrotate.in Change logrotate to be per-hypervisor logs 2010-03-10 11:27:02 +01:00
libvirtd.pod.in docs: removed outdated reference to virt-mem 2010-11-23 01:11:10 +11:00
libvirtd.policy-0 Allow polkit auth for VNC and SSH users 2012-02-07 11:59:35 -05:00
libvirtd.policy-1 Allow polkit auth for VNC and SSH users 2012-02-07 11:59:35 -05:00
libvirtd.qemu.logrotate.in Change logrotate to be per-hypervisor logs 2010-03-10 11:27:02 +01:00
libvirtd.sasl Rename qemud/ directory to daemon/ 2009-09-21 14:41:42 +01:00
libvirtd.service.in Remove more bogus systemd service dependencies 2012-06-14 18:22:51 -04:00
libvirtd.sysconf daemon: Allow overriding NOFILES ulimit for the daemon as well 2012-02-01 16:04:30 +01:00
libvirtd.sysctl init: raise default system aio limits 2011-10-05 14:49:35 -06:00
libvirtd.uml.logrotate.in Change logrotate to be per-hypervisor logs 2010-03-10 11:27:02 +01:00
libvirtd.upstart daemon: Allow overriding NOFILES ulimit for the daemon as well 2012-02-01 16:04:30 +01:00
Makefile.am Don't install sysctl file on non-Linux hosts 2012-04-16 12:39:24 +01:00
remote.c daemon: Fix crash in virTypedParameterArrayClear 2012-08-01 16:28:53 -06:00
remote.h Remove unused virNetServerProgramErrorHander typedef 2011-07-13 11:47:01 +01:00
stream.c maint: fix improper use of 'an' 2011-12-03 17:11:56 -07:00
stream.h Ensure client streams are closed when marking a client for close 2011-08-16 14:38:11 -07:00
test_libvirtd.aug Change the default of mdns_adv to false 2012-03-27 09:54:49 -06:00
THREADS.txt maint: use consistent file name for threading notes 2011-05-31 13:54:45 -06:00