On 09/12/2012 04:44 PM, Martin Kletzander wrote:
When generating RPC protocol messages, it's strictly needed to have a
continuous line of numbers or RPC messages. However in case anyone
tries backporting some functionality and will skip a number, there is
a possibility to make the daemon segfault with newer virsh (version of
the library, rpc call, etc.) even unintentionally.
The problem is that the skipped numbers will get func filled with
NULLs, but there is no check whether these are set before the daemon
tries to run them. This patch very simply enhances one check and fixes
that.
---
src/rpc/virnetserverprogram.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
Given that this fixes CVE-2012-4423, I have gone and backported it to
v0.9.6-maint and v0.9.11-maint.
https://bugzilla.redhat.com/show_bug.cgi?id=857135
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
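The failure mode the commit message describes, a dispatch table initialised with designated initialisers so that any skipped procedure number is silently zero-filled, and the check that closes the gap, as an added illustration that is not libvirt's code. The procedure numbers, the `proc_entry` struct, the handlers and the `dispatch()` function are all hypothetical; the only thing carried over from the message is the idea that an unassigned slot holds a NULL function pointer and must be rejected before it is called.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical procedure numbers. Number 2 is deliberately left
 * unassigned to mimic a backport that skipped a number. */
enum {
    PROC_PING = 0,
    PROC_LIST = 1,
    /* 2: skipped on purpose */
    PROC_INFO = 3,
    PROC_LAST = 4
};

typedef int (*proc_func)(const char *arg, char *out, size_t outlen);

struct proc_entry {
    const char *name;
    proc_func func;
};

static int proc_ping(const char *arg, char *out, size_t outlen) {
    (void)arg;
    snprintf(out, outlen, "pong");
    return 0;
}

static int proc_list(const char *arg, char *out, size_t outlen) {
    (void)arg;
    snprintf(out, outlen, "ping,list,info");
    return 0;
}

static int proc_info(const char *arg, char *out, size_t outlen) {
    snprintf(out, outlen, "info(%s)", arg ? arg : "");
    return 0;
}

/* Designated initialisers: every element not listed here is
 * zero-initialised by the C standard, so procs[2].func == NULL. */
static const struct proc_entry procs[PROC_LAST] = {
    [PROC_PING] = { "ping", proc_ping },
    [PROC_LIST] = { "list", proc_list },
    [PROC_INFO] = { "info", proc_info },
};

/* Range check alone is not enough; an in-range but unassigned
 * number would otherwise be called through a NULL pointer. */
static const struct proc_entry *lookup_proc(int proc) {
    if (proc < 0 || proc >= PROC_LAST)
        return NULL;
    if (procs[proc].func == NULL)
        return NULL;
    return &procs[proc];
}

/* Returns 0 on success, -1 if the procedure is unknown or unassigned.
 * On -1 the caller should answer the client with an error reply
 * rather than crashing. */
int dispatch(int proc, const char *arg, char *out, size_t outlen) {
    const struct proc_entry *e = lookup_proc(proc);
    if (e == NULL) {
        snprintf(out, outlen, "error: unsupported procedure %d", proc);
        return -1;
    }
    return e->func(arg, out, outlen);
}

int main(void) {
    char buf[64];
    int procs_to_try[] = { PROC_PING, 2, PROC_INFO, 99 };
    for (size_t i = 0; i < sizeof(procs_to_try) / sizeof(procs_to_try[0]); i++) {
        int rc = dispatch(procs_to_try[i], "vm1", buf, sizeof(buf));
        printf("proc %d -> rc=%d %s\n", procs_to_try[i], rc, buf);
    }
    return 0;
}
```

Without the `func == NULL` test in `lookup_proc()`, a request for procedure 2 passes the bounds check and the server calls a NULL pointer, which is exactly the segfault the message describes; with it, the request is answered with an error and the daemon keeps serving.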