CVE-2013-2230 libvirt: multiple registered events crash

2013-07-11 16:47:16 -04:00 · 2013-07-11 16:47:16 -04:00 · 27ca069db7
commit 27ca069db7
parent 000a3274d2
2 changed files with 44 additions and 1 deletions
--- a/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
+++ b/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
@ -0,0 +1,34 @@
+From f38c8185f97720ecae7ef2291fbaa5d6b0209e17 Mon Sep 17 00:00:00 2001
+Message-Id: <f38c8185f97720ecae7ef2291fbaa5d6b0209e17.1373575119.git.crobinso@redhat.com>
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Tue, 2 Jul 2013 15:17:09 +0200
+Subject: [PATCH] Fix crash when multiple event callbacks were registered
+
+CVE-2013-2230
+
+Don't overwrite the callback ID returned by
+virDomainEventStateRegisterID in ret by 0.
+
+Introduced by abf75aea.
+---
+ src/qemu/qemu_driver.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 571d1f8..b0180c9 100644
+--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
+@@ -10043,9 +10043,7 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn,
+                                       driver->domainEventState,
+                                       dom, eventID,
+                                       callback, opaque, freecb, &ret) < 0)
+-        goto cleanup;
+-
+-    ret = 0;
+        ret = -1;
+ 
+ cleanup:
+     return ret;
+-- 
+1.8.3.1
+
--- a/libvirt.spec
+++ b/libvirt.spec
@ -350,7 +350,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 1.1.0
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -361,6 +361,9 @@ URL: http://libvirt.org/
 %endif
 Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz

+# CVE-2013-2230 libvirt: multiple registered events crash
+Patch0001: 0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
+
 %if %{with_libvirtd}
 Requires: libvirt-daemon = %{version}-%{release}
    %if %{with_network}
@ -1131,6 +1134,9 @@ of recent versions of Linux (and other OSes).
 %prep
 %setup -q

+# CVE-2013-2230 libvirt: multiple registered events crash
+%patch0001 -p1
+
 %build
 %if ! %{with_xen}
    %define _without_xen --without-xen
@ -2066,6 +2072,9 @@ fi
 %endif

 %changelog
+* Thu Jul 11 2013 Cole Robinson <crobinso@redhat.com> - 1.1.0-2
+- CVE-2013-2230 libvirt: multiple registered events crash
+
 * Mon Jul  1 2013 Daniel Veillard <veillard@redhat.com> - 1.1.0-1
 - CVE-2013-2218: Fix crash listing network interfaces with filters
 - Fine grained ACL support for the API