[libvirt] [PATCH] util: Fix crash of libvirtd when running numatune with invalid nodeset

Eric Blake eblake at redhat.com
Fri Aug 16 11:42:09 UTC 2013


On 08/16/2013 01:47 AM, Alex Jia wrote:
> This issue is introduced by commit 0fc8909. virBitmapIsSet() needs its caller
> to ensure 'b < bitmap->max_bit', but it's lost in the virBitmapParse() caller,
> and this will cause a crash of libvirtd. With the patch, libvirtd does not crash
> and gets an expected error "Failed to parse nodeset".
> 

> ---
> The caller virBitmapGetBit() can make sure 'b < bitmap->max_bit', so there is no
> need to worry about higher callers of virBitmapGetBit(), but
> virBitmapParse() is called by many XML parser functions. I am not sure which one
> can crash libvirtd with a read-only client and then probably require a CVE. I don't
> have a good way to check them now and can only manually check them one by one.

If you are worried that a bug might be a CVE, it is best to practice
responsible disclosure, and NOT post the patch upstream, but instead
post to libvirt-security at redhat.com.  That way, the problem can be
discussed without public disclosure, rather than calling attention to
the fact and making it easier to design a 0-day exploit.  But now that
this is already publicly disclosed, we have to hurry up both the fix,
and our analysis of whether it is exploitable.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
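
The unchecked-helper pattern described in the quoted commit message, as an added example (not libvirt's code and not taken from the patch): `struct bitmap`, `bit_is_set` and `nodeset_parse` are hypothetical names, and the `a-b` range and `^N` exclusion syntax are assumed for illustration. The parser validates every bit index against `max_bit` before it calls the helper that trusts its caller, and returns an error instead of touching memory.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Hypothetical bitmap type for illustration; not libvirt's definition. */
struct bitmap {
    size_t max_bit;        /* bits 0 .. max_bit-1 are valid */
    unsigned long *words;  /* caller-allocated storage for max_bit bits */
};

/* Unchecked helper: the caller must guarantee b < bm->max_bit. */
static bool bit_is_set(const struct bitmap *bm, size_t b)
{
    return (bm->words[b / WORD_BITS] >> (b % WORD_BITS)) & 1UL;
}

/* Parse e.g. "0-2,5,^1". Returns net bits set, or -1 on bad syntax or range. */
int nodeset_parse(const char *s, struct bitmap *bm)
{
    int count = 0;
    char *end;
    while (*s) {
        bool neg = (*s == '^');
        s += neg;
        if (*s < '0' || *s > '9')
            return -1;
        unsigned long lo = strtoul(s, &end, 10), hi = lo;
        if (!neg && *end == '-') {
            if (end[1] < '0' || end[1] > '9')
                return -1;
            hi = strtoul(end + 1, &end, 10);
        }
        /* The parser owns the range check; the helper above does none. */
        if (lo > hi || hi >= bm->max_bit)
            return -1;
        for (unsigned long b = lo; b <= hi; b++) {
            unsigned long mask = 1UL << (b % WORD_BITS);
            bool set = bit_is_set(bm, b);
            if (neg && set) { bm->words[b / WORD_BITS] &= ~mask; count--; }
            if (!neg && !set) { bm->words[b / WORD_BITS] |= mask; count++; }
        }
        if (*end == ',' && end[1] != '\0')
            end++;
        else if (*end != '\0')
            return -1;
        s = end;
    }
    return count;
}
```

An overflowing number makes `strtoul` return `ULONG_MAX`, which the same range check rejects.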
