[libvirt] [PATCH] daemon: fix leak after listing all volumes

CVE-2013-1962 remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool. The pool also held a reference to the connection, preventing it from getting freed and closing the netcf interface driver, which held two sockets open. --- daemon/remote.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/daemon/remote.c b/daemon/remote.c index 1d21478..af89e60 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -4202,6 +4202,8 @@ cleanup: virStorageVolFree(vols[i]); VIR_FREE(vols); } + if (pool) + virStoragePoolFree(pool); return rv; } -- 1.8.1.5
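Review bot: The added `if (pool)` guard in the `cleanup:` path is only correct if `pool` is initialized to NULL where it is declared, and the declaration is outside this hunk. If any `goto cleanup` can run before `pool` is assigned, `virStoragePoolFree(pool)` would be called on an uninitialized pointer. Please confirm the initialization. Since the commit message says the leaked pool also pinned the connection and two netcf sockets, a short comment at the free noting that it drops the connection reference would help later readers of the cleanup block.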

On 05/16/2013 08:03 AM, Ján Tomko wrote:
> CVE-2013-1962
>
> remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool. The pool also held a reference to the connection, preventing it from getting freed and closing the netcf interface driver, which held two sockets open.
> ---
>  daemon/remote.c | 2 ++
>  1 file changed, 2 insertions(+)
ACK. Embargo expired today; let's get this backported to v0.10.2-maint and beyond so we can cut new maintenance releases on the affected branch and make it easier for distros to ensure they have this CVE plugged.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

On 05/16/2013 04:06 PM, Eric Blake wrote:
> On 05/16/2013 08:03 AM, Ján Tomko wrote:
>> CVE-2013-1962
>>
>> remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool. The pool also held a reference to the connection, preventing it from getting freed and closing the netcf interface driver, which held two sockets open.
>> ---
>>  daemon/remote.c | 2 ++
>>  1 file changed, 2 insertions(+)
>
> ACK. Embargo expired today; let's get this backported to v0.10.2-maint and beyond so we can cut new maintenance releases on the affected branch and make it easier for distros to ensure they have this CVE plugged.
Thanks, I've pushed it to master and all the maint branches from v0.10.2.

Jan
participants (2): Eric Blake, Ján Tomko