File a63b48c5-CVE-2020-25637.patch of Package libvirt.16761

commit a63b48c5ecef077bf0f909a85f453a605600cf05
Author: Ján Tomko <jtomko@redhat.com>
Date:   Fri Sep 18 17:56:37 2020 +0200

    qemu: agent: set ifname to NULL after freeing
    
    CVE-2020-25637
    
    Signed-off-by: Ján Tomko <jtomko@redhat.com>
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Fixes: 0977b8aa071de550e1a013d35e2c72615e65d520
    Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
    Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

Index: libvirt-5.1.0/src/qemu/qemu_agent.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_agent.c
+++ libvirt-5.1.0/src/qemu/qemu_agent.c
@@ -2113,6 +2113,7 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
 
         /* Has to be freed for each interface. */
         virStringListFree(ifname);
+        ifname = NULL;
 
         /* as well as IP address which - moreover -
          * can be presented multiple times */
openSUSE Build Service is sponsored by