[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, master, updated. debian/0.9.12-5

[Guido Günther]

The following commit has been merged in the master branch:
commit c0f4995b165da039db219612da64b73fea1d6490
Author: Guido Günther <agx at sigxcpu.org>
Date:   Fri Sep 14 22:34:06 2012 +0200

    New patch security-Fix-libvirtd-crash-possibility.patch
    
    Fix libvirtd crash possibility (CVE-2012-4423)
    Thanks: Martin Kletzander
    Closes: #687598

diff --git a/debian/patches/security/security-Fix-libvirtd-crash-possibility.patch b/debian/patches/security/security-Fix-libvirtd-crash-possibility.patch
new file mode 100644
index 0000000..0e84aba
--- /dev/null
+++ b/debian/patches/security/security-Fix-libvirtd-crash-possibility.patch
@@ -0,0 +1,55 @@
+From: Martin Kletzander <mkletzan at redhat.com>
+Date: Wed, 12 Sep 2012 23:43:26 +0200
+Subject: security: Fix libvirtd crash possibility
+
+Fix for CVE-2012-4423.
+
+When generating RPC protocol messages, it's strictly needed to have a
+continuous line of numbers or RPC messages. However in case anyone
+tries backporting some functionality and will skip a number, there is
+a possibility to make the daemon segfault with newer virsh (version of
+the library, rpc call, etc.) even unintentionally.
+
+The problem is that the skipped numbers will get func filled with
+NULLs, but there is no check whether these are set before the daemon
+tries to run them. This patch very simply enhances one check and fixes
+that.
+
+---
+ src/rpc/virnetserverprogram.c |   11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpc/virnetserverprogram.c b/src/rpc/virnetserverprogram.c
+index 7f589c8..5439878 100644
+--- a/src/rpc/virnetserverprogram.c
++++ b/src/rpc/virnetserverprogram.c
+@@ -1,7 +1,7 @@
+ /*
+  * virnetserverprogram.c: generic network RPC server program
+  *
+- * Copyright (C) 2006-2011 Red Hat, Inc.
++ * Copyright (C) 2006-2012 Red Hat, Inc.
+  * Copyright (C) 2006 Daniel P. Berrange
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -101,12 +101,19 @@ int virNetServerProgramMatches(virNetServerProgramPtr prog,
+ static virNetServerProgramProcPtr virNetServerProgramGetProc(virNetServerProgramPtr prog,
+                                                              int procedure)
+ {
++    virNetServerProgramProcPtr proc;
++
+     if (procedure < 0)
+         return NULL;
+     if (procedure >= prog->nprocs)
+         return NULL;
+ 
+-    return &prog->procs[procedure];
++    proc = &prog->procs[procedure];
++
++    if (!proc->func)
++        return NULL;
++
++    return proc;
+ }
+ 
+ unsigned int
diff --git a/debian/patches/series b/debian/patches/series
index df1449d..85d5973 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@ Only-check-for-cluster-fs-if-we-re-using-a-filesyste.patch
 Reduce-udevadm-settle-timeout-to-10-seconds.patch
 Include-stdint.h-for-uint32_t.patch
 security/CVE-2012-3445.patch
+security/security-Fix-libvirtd-crash-possibility.patch

-- 
Libvirt Debian packaging