Overview

File 955029bd-CVE-2020-25637.patch of Package libvirt.22292

commit 955029bd0ad7ef96000f529ac38204a8f4a96401
Author: Ján Tomko <jtomko@redhat.com>
Date:   Fri Sep 18 17:44:56 2020 +0200

    rpc: gendispatch: handle empty flags
    
    CVE-2020-25637
    
    Prepare for omission of the <flagname> in remote_protocol.x
    @acl annotations:
     @acl: <object>:<permission>:<flagname>
    so that we can add more fields after, e.g.:
     @acl: <object>:<permission>::<field>
    
    Signed-off-by: Ján Tomko <jtomko@redhat.com>
    Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

Index: libvirt-5.1.0/src/rpc/gendispatch.pl
===================================================================
--- libvirt-5.1.0.orig/src/rpc/gendispatch.pl
+++ libvirt-5.1.0/src/rpc/gendispatch.pl
@@ -2105,7 +2105,7 @@ elsif ($mode eq "client") {
                 if ($acl[$i]->{object} ne $acl[0]->{object}) {
                     die "acl for '$call->{ProcName}' cannot check different objects";
                 }
-                if (defined $acl[$i]->{flags}) {
+                if (defined $acl[$i]->{flags} && length $acl[$i]->{flags}) {
                     $checkflags = 1;
                 }
             }
@@ -2189,7 +2189,7 @@ elsif ($mode eq "client") {
                     my $method = "virAccessManagerCheck" . $object;
                     my $space = ' ' x length($method);
                     print "    if (";
-                    if (defined $acl->{flags}) {
+                    if (defined $acl->{flags} && length $acl->{flags}) {
                         my $flags = $acl->{flags};
                         if ($flags =~ /^\!/) {
                             $flags = substr $flags, 1;
openSUSE Build Service is sponsored by
Places