[libvirt] [PATCH] Fix crash when multiple event callbacks were registered

Ján Tomko jtomko at redhat.com
Wed Jul 10 10:59:48 UTC 2013


CVE-2013-2230

Don't overwrite the callback ID returned by
virDomainEventStateRegisterID in ret by 0.

Introduced by abf75aea.
---
 src/qemu/qemu_driver.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 571d1f8..b0180c9 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10043,9 +10043,7 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn,
                                       driver->domainEventState,
                                       dom, eventID,
                                       callback, opaque, freecb, &ret) < 0)
-        goto cleanup;
-
-    ret = 0;
+        ret = -1;
 
 cleanup:
     return ret;
-- 
1.8.1.5




More information about the libvir-list mailing list