Re: [libvirt] [PATCH] security: plug regression introduced in disk probe logic

Wednesday, 1 June 2011

2011/6/1 Eric Blake <eblake(a)redhat.com&gt;:
...
 Regression introduced in commit d6623003 (v0.8.8) - using the
 wrong sizeof operand meant that security manager private data
 was overlaying the allowDiskFOrmatProbing member of struct 
s/FOrmat/Format/

...
 _virSecurityManager.  This reopens disk probing, which was
 supposed to be prevented by the solution to CVE-2010-2238.

 * src/security/security_manager.c
 (virSecurityManagerGetPrivateData): Use correct offset.
 ---
  src/security/security_manager.c |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

 diff --git a/src/security/security_manager.c b/src/security/security_manager.c
 index 0246dd8..833c1a2 100644
 --- a/src/security/security_manager.c
 +++ b/src/security/security_manager.c
 @@ -107,7 +107,7 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,

  void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
  {
 -    return ((char*)mgr) + sizeof(mgr);
 +    return ((char*)mgr) + sizeof(*mgr);
  } 
ACK.

Matthias

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [PATCH] security: plug regression introduced in disk probe logic