File dfff16a7-CVE-2020-10703.patch of Package libvirt.17937
commit dfff16a7c261f8d28e3abe60a47165f845fa952f
Author: Yi Li <yili@winhong.com>
Date: Sat Dec 21 08:33:33 2019 +0800
storage: Fix daemon crash on lookup storagepool by targetpath
Causing a crash when storagePoolLookupByTargetPath beacuse of
Some types of storage pool have no target elements.
Use STREQ_NULLABLE instead of STREQ
Avoids segfaults when using NULL arguments.
Core was generated by `/usr/sbin/libvirtd'.
Program terminated with signal 11, Segmentation fault.
(gdb) bt
0 0x0000ffff9e951388 in strcmp () from /lib64/libc.so.6
1 0x0000ffff92103e9c in storagePoolLookupByTargetPathCallback (
obj=0xffff7009aab0, opaque=0xffff801058b0) at storage/storage_driver.c:1649
2 0x0000ffff9f2c52a4 in virStoragePoolObjListSearchCb (
payload=0xffff801058b0, name=<optimized out>, opaque=<optimized out>)
at conf/virstorageobj.c:476
3 0x0000ffff9f1f2f7c in virHashSearch (ctable=0xffff800f4f60,
iter=iter@entry=0xffff9f2c5278 <virStoragePoolObjListSearchCb>,
data=data@entry=0xffff95af7488, name=name@entry=0x0) at util/virhash.c:696
4 0x0000ffff9f2c64f0 in virStoragePoolObjListSearch (pools=0xffff800f2ce0,
searcher=searcher@entry=0xffff92103e68 <storagePoolLookupByTargetPathCallback>,
opaque=<optimized out>) at conf/virstorageobj.c:505
5 0x0000ffff92101f54 in storagePoolLookupByTargetPath (conn=0xffff5c0009f0,
path=0xffff7009a850 "/vms/images") at storage/storage_driver.c:1672
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Yi Li <yili@winhong.com>
Index: libvirt-4.0.0/src/storage/storage_driver.c
===================================================================
--- libvirt-4.0.0.orig/src/storage/storage_driver.c
+++ libvirt-4.0.0/src/storage/storage_driver.c
@@ -1607,7 +1607,7 @@ storagePoolLookupByTargetPathCallback(vi
return false;
def = virStoragePoolObjGetDef(obj);
- return STREQ(path, def->target.path);
+ return STREQ_NULLABLE(path, def->target.path);
}
