CVE-2013-2230 libvirt: multiple registered events crash

2013-07-11 16:47:16 -04:00 · 2013-07-11 16:47:16 -04:00 · 27ca069db7
commit 27ca069db7
parent 000a3274d2
2 changed files with 44 additions and 1 deletions
--- a/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
+++ b/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
@ -0,0 +1,34 @@
 From f38c8185f97720ecae7ef2291fbaa5d6b0209e17 Mon Sep 17 00:00:00 2001
 Message-Id: <f38c8185f97720ecae7ef2291fbaa5d6b0209e17.1373575119.git.crobinso@redhat.com>
 From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
 Date: Tue, 2 Jul 2013 15:17:09 +0200
 Subject: [PATCH] Fix crash when multiple event callbacks were registered
 CVE-2013-2230
 Don't overwrite the callback ID returned by
 virDomainEventStateRegisterID in ret by 0.
 Introduced by abf75aea.
 ---
 src/qemu/qemu_driver.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
 diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
 index 571d1f8..b0180c9 100644
 --- a/src/qemu/qemu_driver.c
 +++ b/src/qemu/qemu_driver.c
@@ -10043,9 +10043,7 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn,
                                       driver->domainEventState,
                                       dom, eventID,
                                       callback, opaque, freecb, &ret) < 0)
 -        goto cleanup;
 -
 -    ret = 0;
 +        ret = -1;
 cleanup:
     return ret;
 -- 
 1.8.3.1
--- a/libvirt.spec
+++ b/libvirt.spec
@ -350,7 +350,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 1.1.0
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -361,6 +361,9 @@ URL: http://libvirt.org/
 %endif
 Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz
 # CVE-2013-2230 libvirt: multiple registered events crash
 Patch0001: 0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
 %if %{with_libvirtd}
 Requires: libvirt-daemon = %{version}-%{release}
    %if %{with_network}
@ -1131,6 +1134,9 @@ of recent versions of Linux (and other OSes).
 %prep
 %setup -q
 # CVE-2013-2230 libvirt: multiple registered events crash
 %patch0001 -p1
 %build
 %if ! %{with_xen}
    %define _without_xen --without-xen
@ -2066,6 +2072,9 @@ fi
 %endif
 %changelog
 * Thu Jul 11 2013 Cole Robinson <crobinso@redhat.com> - 1.1.0-2
 - CVE-2013-2230 libvirt: multiple registered events crash
 * Mon Jul  1 2013 Daniel Veillard <veillard@redhat.com> - 1.1.0-1
 - CVE-2013-2218: Fix crash listing network interfaces with filters
 - Fine grained ACL support for the API