[Pkg-libvirt-commits] [SCM] Libvirt debian packaging branch, master, updated. debian/0.5.1-6-8-g8737618

Guido Günther agx at sigxcpu.org
Fri Feb 27 17:07:47 UTC 2009


The following commit has been merged in the master branch:
commit 1c9a023b81091e9fc62707dbc8f4ea5fe162b514
Author: Guido Günther <agx at sigxcpu.org>
Date:   Thu Feb 26 14:43:13 2009 +0100

    libvirt_proxy: Fix use of uninitialized memory
    
    We currently don't build this code (CVE-2009-0036).

diff --git a/debian/patches/0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch b/debian/patches/0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch
new file mode 100644
index 0000000..a5fa28c
--- /dev/null
+++ b/debian/patches/0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch
@@ -0,0 +1,30 @@
+From: Rasputin <rasputin at email.ru>
+Date: Tue, 27 Jan 2009 21:33:12 +0300
+Subject: [PATCH] libvirt_proxy: Fix use of uninitalized memory
+
+On short read, members of packet header are checked before actually read.
+If uninitialized values can pass the test, they can be set to arbitrary
+values while reading remaining portion of a packet.
+
+Buffer overflow is possible. libvirt_proxy is suid-root.
+
+CVE-2009-0036
+---
+ proxy/libvirt_proxy.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/proxy/libvirt_proxy.c b/proxy/libvirt_proxy.c
+index 3b0dc42..8657f62 100644
+--- a/proxy/libvirt_proxy.c
++++ b/proxy/libvirt_proxy.c
+@@ -385,7 +385,8 @@ retry:
+         fprintf(stderr, "read %d bytes from client %d on socket %d\n",
+                 ret, nr, pollInfos[nr].fd);
+ 
+-    if ((req->version != PROXY_PROTO_VERSION) ||
++    if ((ret != sizeof(virProxyPacket)) ||
++        (req->version != PROXY_PROTO_VERSION) ||
+         (req->len < sizeof(virProxyPacket)) ||
+         (req->len > sizeof(virProxyFullPacket)))
+         goto comm_error;
+-- 
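Review bot: In the added condition `(ret != sizeof(virProxyPacket))`, `ret` is printed with `%d` in the fprintf just above, so it is presumably a signed int being compared against a `size_t`. A negative `ret` still fails the equality after conversion and reaches `goto comm_error`, so the result is correct, but it depends on the implicit signed-to-unsigned conversion. Consider an explicit `ret < 0` test or a cast so the intent is visible and sign-compare warnings stay quiet. A short comment above the `if` would also help, saying that `req->version` and `req->len` are only meaningful once a complete header has been read, since that is why the size test must come first in the `||` chain.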
diff --git a/debian/patches/series b/debian/patches/series
index ff360a9..9f9f019 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
 0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch
 0007-don-t-fail-on-missing-locales.patch
 0008-Don-t-hardcode-ssh-port.patch
+0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch
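Review bot: The new series entry `0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch` does not carry the CVE id in its file name, while `0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch` in the same hunk does. Consider including CVE-2009-0036 in the name so security fixes in the series can be found by file name. The commit message says this code is currently not built; stating that in the patch header as well would make it clear to later maintainers why the patch is still carried.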

-- 
Libvirt debian packaging


