File 3e745e8f-CVE-2014-3633.patch of Package libvirt.1263

Overview Repositories Revisions Requests Users Attributes Meta

File 3e745e8f-CVE-2014-3633.patch of Package libvirt.1263

commit 3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
Author: Peter Krempa <pkrempa@redhat.com>
Date:   Thu Sep 11 16:35:53 2014 +0200

CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
    
    Live definition was used to look up the disk index while persistent one
    was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
    correct def and report a nice error.
    
    Unfortunately it's accessible via read-only connection, though it can
    only crash libvirtd in the cases where the guest is hot-plugging disks
    without reflecting those changes to the persistent definition.  So
    avoiding hotplug, or doing hotplug where persistent is always modified
    alongside live definition, will avoid the out-of-bounds access.
    
    Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
    Reported-by: Luyao Huang <lhuang@redhat.com>
    Signed-off-by: Peter Krempa <pkrempa@redhat.com>

Index: libvirt-1.2.5/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.2.5.orig/src/qemu/qemu_driver.c
+++ libvirt-1.2.5/src/qemu/qemu_driver.c
@@ -15873,9 +15873,13 @@ qemuDomainGetBlockIoTune(virDomainPtr do
     }
 
     if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
-        int idx = virDomainDiskIndexByName(vm->def, disk, true);
-        if (idx < 0)
+        int idx = virDomainDiskIndexByName(persistentDef, disk, true);
+        if (idx < 0) {
+            virReportError(VIR_ERR_INVALID_ARG,
+                           _("disk '%s' was not found in the domain config"),
+                           disk);
             goto endjob;
+        }
         reply = persistentDef->disks[idx]->blkdeviotune;
     }

Places

File 3e745e8f-CVE-2014-3633.patch of Package libvirt.1263

Places