Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:11.4:Update
libvirt.import5774
b598ac55-CVE-2011-2178.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File b598ac55-CVE-2011-2178.patch of Package libvirt.import5774
commit b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2 Author: Eric Blake <eblake@redhat.com> Date: Thu May 26 08:18:46 2011 -0600 security: plug regression introduced in disk probe logic Regression introduced in commit d6623003 (v0.8.8) - using the wrong sizeof operand meant that security manager private data was overlaying the allowDiskFormatProbing member of struct _virSecurityManager. This reopens disk probing, which was supposed to be prevented by the solution to CVE-2010-2238. * src/security/security_manager.c (virSecurityManagerGetPrivateData): Use correct offset. diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 0246dd8..6f0becd 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name, void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr) { - return ((char*)mgr) + sizeof(mgr); + /* This accesses the memory just beyond mgr, which was allocated + * via VIR_ALLOC_VAR earlier. */ + return mgr + 1; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor