rpms / libvirt

Clone
Source Code
GIT

Blame SOURCES/libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale
  1.   3cf99237563e5321a3ac9d3c84963011b35201d5
  2.   SOURCES
  3.   libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch
Blob History Raw
03cc27 
From 803a78645bdde8369ead4bc2f63fa878b2ac8d18 Mon Sep 17 00:00:00 2001
03cc27 
Message-Id: <803a78645bdde8369ead4bc2f63fa878b2ac8d18@dist-git>
03cc27 
From: Yi Li <yili@winhong.com>
03cc27 
Date: Thu, 30 Apr 2020 09:49:12 -0400
03cc27 
Subject: [PATCH] storage: Fix daemon crash on lookup storagepool by targetpath
03cc27
03cc27 
Causing a crash when storagePoolLookupByTargetPath beacuse of
03cc27 
Some types of storage pool have no target elements.
03cc27 
Use STREQ_NULLABLE instead of STREQ
03cc27 
Avoids segfaults when using NULL arguments.
03cc27
03cc27 
Core was generated by `/usr/sbin/libvirtd'.
03cc27 
Program terminated with signal 11, Segmentation fault.
03cc27 
(gdb) bt
03cc27 
0  0x0000ffff9e951388 in strcmp () from /lib64/libc.so.6
03cc27 
1  0x0000ffff92103e9c in storagePoolLookupByTargetPathCallback (
03cc27 
    obj=0xffff7009aab0, opaque=0xffff801058b0) at storage/storage_driver.c:1649
03cc27 
2  0x0000ffff9f2c52a4 in virStoragePoolObjListSearchCb (
03cc27 
    payload=0xffff801058b0, name=<optimized out>, opaque=<optimized out>)
03cc27 
    at conf/virstorageobj.c:476
03cc27 
3  0x0000ffff9f1f2f7c in virHashSearch (ctable=0xffff800f4f60,
03cc27 
    iter=iter@entry=0xffff9f2c5278 <virStoragePoolObjListSearchCb>,
03cc27 
    data=data@entry=0xffff95af7488, name=name@entry=0x0) at util/virhash.c:696
03cc27 
4  0x0000ffff9f2c64f0 in virStoragePoolObjListSearch (pools=0xffff800f2ce0,
03cc27 
    searcher=searcher@entry=0xffff92103e68 <storagePoolLookupByTargetPathCallback>,
03cc27 
     opaque=<optimized out>) at conf/virstorageobj.c:505
03cc27 
5  0x0000ffff92101f54 in storagePoolLookupByTargetPath (conn=0xffff5c0009f0,
03cc27 
path=0xffff7009a850 "/vms/images") at storage/storage_driver.c:1672
03cc27
03cc27 
Reviewed-by: Cole Robinson <crobinso@redhat.com>
03cc27 
Signed-off-by: Yi Li <yili@winhong.com>
03cc27 
(cherry picked from commit dfff16a7c261f8d28e3abe60a47165f845fa952f)
03cc27
03cc27 
CVE-2020-10703
03cc27
03cc27 
Signed-off-by: Cole Robinson <crobinso@redhat.com>
03cc27 
Message-Id: <b15361aee7febad6be8d0b5f7973c9ed48f0910f.1588254371.git.crobinso@redhat.com>
03cc27 
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
03cc27 
---
03cc27 
 src/storage/storage_driver.c | 2 +-
03cc27 
 1 file changed, 1 insertion(+), 1 deletion(-)
03cc27
03cc27 
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
03cc27 
index 254818e308..f82f38d5e5 100644
03cc27 
--- a/src/storage/storage_driver.c
03cc27 
+++ b/src/storage/storage_driver.c
03cc27 
@@ -1647,7 +1647,7 @@ storagePoolLookupByTargetPathCallback(virStoragePoolObjPtr obj,
03cc27 
         return false;
03cc27
03cc27 
     def = virStoragePoolObjGetDef(obj);
03cc27 
-    return STREQ(path, def->target.path);
03cc27 
+    return STREQ_NULLABLE(path, def->target.path);
03cc27 
 }
03cc27
03cc27
03cc27 
--
03cc27 
2.26.2
03cc27

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation