[libvirt] [PATCH 1/3] Fix typo in identity code which is pre-requisite for CVE-2013-4311
Eric Blake
eblake at redhat.com
Mon Sep 23 14:11:10 UTC 2013
On 09/23/2013 05:46 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> The fix for CVE-2013-4311 had a pre-requisite enhancement
> to the identity code
>
> commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
> Author: Daniel P. Berrange <berrange at redhat.com>
> Date: Thu Aug 22 16:00:01 2013 +0100
>
> Also store user & group ID values in virIdentity
>
> This had a typo which caused the group ID to overwrite the
> user ID string. This meant any checks using this would have
> the wrong ID value. This only affected the ACL code, not the
> initial polkit auth. It also leaked memory.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> src/rpc/virnetserverclient.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
ACK
>
> diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
> index 19c4100..0b9ab52 100644
> --- a/src/rpc/virnetserverclient.c
> +++ b/src/rpc/virnetserverclient.c
> @@ -678,7 +678,7 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
> goto cleanup;
> if (!(groupname = virGetGroupName(gid)))
> goto cleanup;
> - if (virAsprintf(&userid, "%d", (int)gid) < 0)
> + if (virAsprintf(&groupid, "%d", (int)gid) < 0)
> goto cleanup;
> if (virAsprintf(&processid, "%llu",
> (unsigned long long)pid) < 0)
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130923/4058615e/attachment-0001.sig>
More information about the libvir-list
mailing list