[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 1/3] virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array



On 08/16/2013 04:32 AM, Peter Krempa wrote:
> The virBitmapParse function was calling virBitmapIsSet() function that
> requires the caller to check the bounds of the bitmap without checking
> them. This resulted into crashes when parsing a bitmap string that was
> exceeding the bounds used as argument.
> 
> This patch refactors the function to use virBitmapSetBit without
> checking if the bit is set (this function does the checks internally)
> and then counts the bits in the bitmap afterwards (instead of keeping
> track while parsing the string).
> 
> This patch also changes the "parse_error" label to a more common
> "error".
> 
> The refactor should also get rid of the need to call sa_assert on the
> returned variable as the callpath should allow coverity to infer the
> possible return values.
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367
> 
> Thanks to Alex Jia for tracking down the issue.
> ---
>  src/util/virbitmap.c | 38 +++++++++++++++-----------------------
>  1 file changed, 15 insertions(+), 23 deletions(-)

This patch is the fix for CVE-2013-5651.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]