File a63b48c5-CVE-2020-25637.patch of Package libvirt.17937
commit a63b48c5ecef077bf0f909a85f453a605600cf05
Author: Ján Tomko <jtomko@redhat.com>
Date: Fri Sep 18 17:56:37 2020 +0200
qemu: agent: set ifname to NULL after freeing
CVE-2020-25637
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Fixes: 0977b8aa071de550e1a013d35e2c72615e65d520
Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Index: libvirt-4.0.0/src/qemu/qemu_agent.c
===================================================================
--- libvirt-4.0.0.orig/src/qemu/qemu_agent.c
+++ libvirt-4.0.0/src/qemu/qemu_agent.c
@@ -2136,6 +2136,7 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
/* Has to be freed for each interface. */
virStringListFree(ifname);
+ ifname = NULL;
/* as well as IP address which - moreover -
* can be presented multiple times */
