[Pkg-libvirt-commits] [libvirt] 01/02: virFileNBDDeviceAssociate: Avoid use of uninitialized variable

Guido Guenther agx at alioth.debian.org
Mon Sep 9 07:52:00 UTC 2013 

This is an automated email from the git hooks/post-receive script.

agx pushed a commit to annotated tag debian/1.1.2-2
in repository libvirt.

commit f5f3818812b3d3c76d5b4834deb15e4b35e4c798
Author: Guido Günther <agx at sigxcpu.org>
Date:   Mon Sep 9 09:21:14 2013 +0200

    virFileNBDDeviceAssociate: Avoid use of uninitialized variable
    
    This fixes CVE-2013-4297.
    
    Thanks: Michal Privoznik
---
 debian/patches/series                              |    1 +
 ...eviceAssociate-Avoid-use-of-uninitialized.patch |   22 ++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/debian/patches/series b/debian/patches/series
index 431fa27..328e080 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,3 +12,4 @@ debian/Debianize-systemd-service-files.patch
 Allow-xen-toolstack-to-find-it-s-binaries.patch
 Fix-make-check-not-finding-finding-the-libvirtd-lens.patch
 Parse-AM_LDFLAGS-to-driver-modules-too.patch
+virFileNBDDeviceAssociate-Avoid-use-of-uninitialized.patch
diff --git a/debian/patches/virFileNBDDeviceAssociate-Avoid-use-of-uninitialized.patch b/debian/patches/virFileNBDDeviceAssociate-Avoid-use-of-uninitialized.patch
new file mode 100644
index 0000000..97218c3
--- /dev/null
+++ b/debian/patches/virFileNBDDeviceAssociate-Avoid-use-of-uninitialized.patch
@@ -0,0 +1,22 @@
+From: Michal Privoznik <mprivozn at redhat.com>
+Date: Tue, 3 Sep 2013 18:56:06 +0200
+Subject: virFileNBDDeviceAssociate: Avoid use of uninitialized variable
+
+The @qemunbd variable can be used uninitialized.
+---
+ src/util/virfile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/util/virfile.c b/src/util/virfile.c
+index 2b07ac9..7af0843 100644
+--- a/src/util/virfile.c
++++ b/src/util/virfile.c
+@@ -732,7 +732,7 @@ int virFileNBDDeviceAssociate(const char *file,
+                               char **dev)
+ {
+     char *nbddev;
+-    char *qemunbd;
++    char *qemunbd = NULL;
+     virCommandPtr cmd = NULL;
+     int ret = -1;
+     const char *fmtstr = NULL;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git

More information about the Pkg-libvirt-commits mailing list