File 939b0818-CVE-2013-6458.patch of Package libvirt.openSUSE_13.1_Update

commit 939b0818c223cd6e7a59dcf94c8117dfc5df2604
Author: Jiri Denemark <jdenemar@redhat.com>
Date:   Fri Dec 20 15:08:06 2013 +0100

    qemu: Fix job usage in qemuDomainBlockCopy
    
    Every API that is going to begin a job should do that before fetching
    data from vm->def.
    
    (cherry picked from commit ff5f30b6bfa317f2a4c33f69289baf4e887eb048)

Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -14216,7 +14216,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
     virQEMUDriverPtr driver = conn->privateData;
     qemuDomainObjPrivatePtr priv;
     char *device = NULL;
-    virDomainDiskDefPtr disk;
+    virDomainDiskDefPtr disk = NULL;
     int ret = -1;
     int idx;
     struct stat st;
@@ -14231,29 +14231,32 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("domain is not running"));
-        goto cleanup;
+        goto endjob;
     }
 
     device = qemuDiskPathToAlias(vm, path, &idx);
     if (!device) {
-        goto cleanup;
+        goto endjob;
     }
     disk = vm->def->disks[idx];
     if (disk->mirror) {
         virReportError(VIR_ERR_BLOCK_COPY_ACTIVE,
                        _("disk '%s' already in active block copy job"),
                        disk->dst);
-        goto cleanup;
+        goto endjob;
     }
 
     if (!(virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DRIVE_MIRROR) &&
           virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKJOB_ASYNC))) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("block copy is not supported with this QEMU binary"));
-        goto cleanup;
+        goto endjob;
     }
     if (vm->persistent) {
         /* XXX if qemu ever lets us start a new domain with mirroring
@@ -14262,17 +14265,9 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
          * this on persistent domains.  */
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("domain is not transient"));
-        goto cleanup;
-    }
-
-    if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
-        goto cleanup;
-
-    if (!virDomainObjIsActive(vm)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("domain is not running"));
         goto endjob;
     }
+
     if (qemuDomainDetermineDiskChain(driver, disk, false) < 0)
         goto endjob;
 
@@ -14362,7 +14357,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
 endjob:
     if (need_unlink && unlink(dest))
         VIR_WARN("unable to unlink just-created %s", dest);
-    if (ret < 0)
+    if (ret < 0 && disk)
         disk->mirrorFormat = VIR_STORAGE_FILE_NONE;
     VIR_FREE(mirror);
     if (qemuDomainObjEndJob(driver, vm) == 0) {