[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] ATTN: Denial of service attack possible on libguestfs 1.21.x, libguestfs.1.22.0



This should fix it I think.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
>From ae8bb84ecd46d7b6ef557a87725923ac8d09dce0 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones redhat com>
Date: Fri, 31 May 2013 08:37:44 +0100
Subject: [PATCH] inspection: Don't segfault if /etc/SuSE-release is an empty
 file.

Related to CVE-2013-2124.

Thanks: Olaf Hering.
---
 src/inspect-fs-unix.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/inspect-fs-unix.c b/src/inspect-fs-unix.c
index 5fabaa2..da5fbf3 100644
--- a/src/inspect-fs-unix.c
+++ b/src/inspect-fs-unix.c
@@ -338,10 +338,11 @@ parse_suse_release (guestfs_h *g, struct inspect_fs *fs, const char *filename)
   if (lines == NULL)
     return -1;
 
+  if (lines[0] != NULL)
+    goto out;
+
   /* First line is dist release name */
   fs->product_name = safe_strdup (g, lines[0]);
-  if (fs->product_name == NULL)
-    goto out;
 
   /* Match SLES first because openSuSE regex overlaps some SLES release strings */
   if (match (g, fs->product_name, re_sles) || match (g, fs->product_name, re_nld)) {
-- 
1.8.2.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]