Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:13.1
libvirt
e4697b92-CVE-2013-4311.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File e4697b92-CVE-2013-4311.patch of Package libvirt
commit e4697b92abaad16e8e6b41a1e55be9b084d48d5a Author: Daniel P. Berrange <berrange@redhat.com> Date: Mon Sep 23 12:46:25 2013 +0100 Fix typo in identity code which is pre-requisite for CVE-2013-4311 The fix for CVE-2013-4311 had a pre-requisite enhancement to the identity code commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176 Author: Daniel P. Berrange <berrange@redhat.com> Date: Thu Aug 22 16:00:01 2013 +0100 Also store user & group ID values in virIdentity This had a typo which caused the group ID to overwrite the user ID string. This meant any checks using this would have the wrong ID value. This only affected the ACL code, not the initial polkit auth. It also leaked memory. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Index: libvirt-1.1.2/src/rpc/virnetserverclient.c =================================================================== --- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c +++ libvirt-1.1.2/src/rpc/virnetserverclient.c @@ -678,7 +678,7 @@ virNetServerClientCreateIdentity(virNetS goto cleanup; if (!(groupname = virGetGroupName(gid))) goto cleanup; - if (virAsprintf(&userid, "%d", (int)gid) < 0) + if (virAsprintf(&groupid, "%d", (int)gid) < 0) goto cleanup; if (virAsprintf(&processid, "%llu", (unsigned long long)pid) < 0)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor