File 955029bd-CVE-2020-25637.patch of Package libvirt.22291
commit 955029bd0ad7ef96000f529ac38204a8f4a96401
Author: Ján Tomko <jtomko@redhat.com>
Date: Fri Sep 18 17:44:56 2020 +0200
rpc: gendispatch: handle empty flags
CVE-2020-25637
Prepare for omission of the <flagname> in remote_protocol.x
@acl annotations:
@acl: <object>:<permission>:<flagname>
so that we can add more fields after, e.g.:
@acl: <object>:<permission>::<field>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Index: libvirt-6.0.0/src/rpc/gendispatch.pl
===================================================================
--- libvirt-6.0.0.orig/src/rpc/gendispatch.pl
+++ libvirt-6.0.0/src/rpc/gendispatch.pl
@@ -2112,7 +2112,7 @@ elsif ($mode eq "client") {
if ($acl[$i]->{object} ne $acl[0]->{object}) {
die "acl for '$call->{ProcName}' cannot check different objects";
}
- if (defined $acl[$i]->{flags}) {
+ if (defined $acl[$i]->{flags} && length $acl[$i]->{flags}) {
$checkflags = 1;
}
}
@@ -2200,7 +2200,7 @@ elsif ($mode eq "client") {
my $method = "virAccessManagerCheck" . $object;
my $space = ' ' x length($method);
print " if (";
- if (defined $acl->{flags}) {
+ if (defined $acl->{flags} && length $acl->{flags}) {
my $flags = $acl->{flags};
if ($flags =~ /^\!/) {
$flags = substr $flags, 1;