[libvirt] [PATCH] security: plug regression introduced in disk probe logic

Tuesday, 31 May 2011

Regression introduced in commit d6623003 (v0.8.8) - using the
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFOrmatProbing member of struct
_virSecurityManager.  This reopens disk probing, which was
supposed to be prevented by the solution to CVE-2010-2238.

* src/security/security_manager.c
(virSecurityManagerGetPrivateData): Use correct offset.
---
 src/security/security_manager.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 0246dd8..833c1a2 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -107,7 +107,7 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,

 void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
 {
-    return ((char*)mgr) + sizeof(mgr);
+    return ((char*)mgr) + sizeof(*mgr);
 }


-- 
1.7.4.4


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH] security: plug regression introduced in disk probe logic