File a4947e8f-nwfilter-CVE-2022-0897.patch of Package libvirt.26629

commit a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36
Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Tue Mar 8 17:28:38 2022 +0000

    nwfilter: fix crash when counting number of network filters
    
    The virNWFilterObjListNumOfNWFilters method iterates over the
    driver->nwfilters, accessing virNWFilterObj instances. As such
    it needs to be protected against concurrent modification of
    the driver->nwfilters object.
    
    This API allows unprivileged users to connect, so users with
    read-only access to libvirt can cause a denial of service
    crash if they are able to race with a call of virNWFilterUndefine.
    Since network filters are usually statically defined, this is
    considered a low severity problem.
    
    This is assigned CVE-2022-0897.
    
    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Index: libvirt-8.0.0/src/nwfilter/nwfilter_driver.c
===================================================================
--- libvirt-8.0.0.orig/src/nwfilter/nwfilter_driver.c
+++ libvirt-8.0.0/src/nwfilter/nwfilter_driver.c
@@ -478,11 +478,15 @@ nwfilterLookupByName(virConnectPtr conn,
 static int
 nwfilterConnectNumOfNWFilters(virConnectPtr conn)
 {
+    int ret;
     if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
         return -1;
 
-    return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
-                                        virConnectNumOfNWFiltersCheckACL);
+    nwfilterDriverLock();
+    ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
+                                           virConnectNumOfNWFiltersCheckACL);
+    nwfilterDriverUnlock();
+    return ret;
 }
 
 
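Review bot: In nwfilterConnectNumOfNWFilters the new `int ret;` declaration runs straight into the `if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)` check; add a blank line after the declaration so it is set apart from the first statement. The locking itself looks right from the visible lines: the early `return -1` on ACL failure happens before nwfilterDriverLock() is taken, and there is a single path from lock to nwfilterDriverUnlock(), so no exit leaves the lock held. Because the commit message ties the crash to a race with virNWFilterUndefine on driver->nwfilters, a one-line comment above nwfilterDriverLock() naming that list as the protected object would help, and it is worth confirming that the other entry points in this file that walk driver->nwfilters take the same lock, since this hunk covers only the count function.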