File 2bdcd29c-CVE-2014-8136.patch of Package libvirt.11695

commit 2bdcd29c713dfedd813c89f56ae98f6f3898313d
Author: Peter Krempa <pkrempa@redhat.com>
Date:   Mon Dec 8 19:25:21 2014 +0100

    qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs
    
    Avoid leaving the domain locked on a failed ACL check in
    qemuDomainMigratePerform() and qemuDomainMigrateFinish2().
    
    Introduced in commit abf75aea247e (Add ACL checks into the QEMU driver).

Index: libvirt-1.2.5/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.2.5.orig/src/qemu/qemu_driver.c
+++ libvirt-1.2.5/src/qemu/qemu_driver.c
@@ -10701,8 +10701,10 @@ qemuDomainMigratePerform(virDomainPtr do
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
-    if (virDomainMigratePerformEnsureACL(dom->conn, vm->def) < 0)
+    if (virDomainMigratePerformEnsureACL(dom->conn, vm->def) < 0) {
+        virObjectUnlock(vm);
         goto cleanup;
+    }
 
     if (flags & VIR_MIGRATE_PEER2PEER) {
         dconnuri = uri;
@@ -10749,8 +10751,10 @@ qemuDomainMigrateFinish2(virConnectPtr d
         goto cleanup;
     }
 
-    if (virDomainMigrateFinish2EnsureACL(dconn, vm->def) < 0)
+    if (virDomainMigrateFinish2EnsureACL(dconn, vm->def) < 0) {
+        virObjectUnlock(vm);
         goto cleanup;
+    }
 
     /* Do not use cookies in v2 protocol, since the cookie
      * length was not sufficiently large, causing failures