Overview

File 82daa87f-CVE-2013-6458.patch of Package libvirt.openSUSE_13.1_Update

commit 82daa87f6a020ba2d1274b300f8e95f903fbe0f8
Author: Jiri Denemark <jdenemar@redhat.com>
Date:   Fri Dec 20 15:41:04 2013 +0100

    qemu: Fix job usage in virDomainGetBlockIoTune
    
    CVE-2013-6458
    
    Every API that is going to begin a job should do that before fetching
    data from vm->def.
    
    (cherry picked from commit 3b56425938e2f97208d5918263efa0d6439e4ecd)

Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -14851,12 +14851,6 @@ qemuDomainGetBlockIoTune(virDomainPtr do
         goto cleanup;
     }
 
-    device = qemuDiskPathToAlias(vm, disk, NULL);
-
-    if (!device) {
-        goto cleanup;
-    }
-
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -14864,6 +14858,11 @@ qemuDomainGetBlockIoTune(virDomainPtr do
                                         &persistentDef) < 0)
         goto endjob;
 
+    device = qemuDiskPathToAlias(vm, disk, NULL);
+    if (!device) {
+        goto endjob;
+    }
+
     if (flags & VIR_DOMAIN_AFFECT_LIVE) {
         priv = vm->privateData;
         qemuDomainObjEnterMonitor(driver, vm);
openSUSE Build Service is sponsored by
Places