Re: [libvirt] [PATCH] security: plug regression introduced in disk probe logic
On 05/31/2011 05:35 PM, Eric Blake wrote:
Regression introduced in commit d6623003 (v0.8.8) - using the
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFOrmatProbing member of struct
_virSecurityManager. This reopens disk probing, which was
supposed to be prevented by the solution to CVE-2010-2238.
* src/security/security_manager.c
(virSecurityManagerGetPrivateData): Use correct offset.
---
src/security/security_manager.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 0246dd8..833c1a2 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -107,7 +107,7 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
{
- return ((char*)mgr) + sizeof(mgr);
+ return ((char*)mgr) + sizeof(*mgr);
I suppose I could have used:
return mgr + 1;
instead, since that gives the same address with less typing. Any
preferences on which form to commit?
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 619 bytes)