Overview

File 52c40003-CVE-2013-6457.patch of Package libvirt.openSUSE_13.1_Update

commit 52c40003805f1702f103095dc5c3d00cf38e7a82
Author: Dario Faggioli <dario.faggioli@citrix.com>
Date:   Fri Dec 20 16:29:47 2013 +0100

    libxl: avoid crashing if calling `virsh numatune' on inactive domain
    
    by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
    possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
    happens, without having initialized the nodemap, and hence crashing after some
    invalid free()-s:
    
     # ./daemon/libvirtd -v
     *** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 ***
     ======= Backtrace: =========
     /lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7]
     /lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045]
     /home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26]
     /home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c]
     /home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2]
     /home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa]
     /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38]
     /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5]
     /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e]
     /lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53]
     /lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd]
    
    Signed-off-by: Dario Faggili <dario.faggioli@citrix.com>
    Cc: Jim Fehlig <jfehlig@suse.com>
    Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
    (cherry picked from commit f9ee91d35510ccbc6fc42cef8864b291b2d220f4)
    
    Conflicts:
    	src/libxl/libxl_driver.c

Index: libvirt-1.1.2/src/libxl/libxl_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/libxl/libxl_driver.c
+++ libvirt-1.1.2/src/libxl/libxl_driver.c
@@ -4682,6 +4682,8 @@ libxlDomainGetNumaParameters(virDomainPt
      * the filtering on behalf of older clients that can't parse it. */
     flags &= ~VIR_TYPED_PARAM_STRING_OKAY;
 
+    libxl_bitmap_init(&nodemap);
+
     libxlDriverLock(driver);
     vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
     libxlDriverUnlock(driver);
@@ -4703,8 +4705,6 @@ libxlDomainGetNumaParameters(virDomainPt
 
     priv = vm->privateData;
 
-    libxl_bitmap_init(&nodemap);
-
     if ((*nparams) == 0) {
         *nparams = LIBXL_NUMA_NPARAM;
         ret = 0;
openSUSE Build Service is sponsored by
Places