diff options
Diffstat (limited to 'main/libvirt/CVE-2020-12430.patch')
-rw-r--r-- | main/libvirt/CVE-2020-12430.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/main/libvirt/CVE-2020-12430.patch b/main/libvirt/CVE-2020-12430.patch new file mode 100644 index 00000000000..0d2b9e0f754 --- /dev/null +++ b/main/libvirt/CVE-2020-12430.patch @@ -0,0 +1,44 @@ +From 9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 Mon Sep 17 00:00:00 2001 +From: Peter Krempa <pkrempa@redhat.com> +Date: Wed, 19 Feb 2020 08:40:59 +0100 +Subject: [PATCH] qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +qemuMonitorGetIOThreads returns a NULL-terminated list even when 0 +iothreads are present. The caller didn't perform cleanup if there were 0 +iothreads leaking the array. + +https://bugzilla.redhat.com/show_bug.cgi?id=1804548 + +Fixes: d1eac92784573559b6fd56836e33b215c89308e3 +Reported-by: Jing Yan <jiyan@redhat.com> +Signed-off-by: Peter Krempa <pkrempa@redhat.com> +Reviewed-by: Ján Tomko <jtomko@redhat.com> +--- + src/qemu/qemu_driver.c | 8 ++++++-- + 1 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index f686b85..39e1f04 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -21759,8 +21759,12 @@ qemuDomainGetStatsIOThread(virQEMUDriverPtr driver, + if ((niothreads = qemuDomainGetIOThreadsMon(driver, dom, &iothreads)) < 0) + return -1; + +- if (niothreads == 0) +- return 0; ++ /* qemuDomainGetIOThreadsMon returns a NULL-terminated list, so we must free ++ * it even if it returns 0 */ ++ if (niothreads == 0) { ++ ret = 0; ++ goto cleanup; ++ } + + if (virTypedParamListAddUInt(params, niothreads, "iothread.count") < 0) + goto cleanup; +-- +1.7.1 + |