提交 b7ff9e69 编写于 作者: M Martin Kletzander

security: Fix libvirtd crash possibility

Fix for CVE-2012-4423.

When generating RPC protocol messages, it's strictly needed to have a
continuous line of numbers or RPC messages. However in case anyone
tries backporting some functionality and will skip a number, there is
a possibility to make the daemon segfault with newer virsh (version of
the library, rpc call, etc.) even unintentionally.

The problem is that the skipped numbers will get func filled with
NULLs, but there is no check whether these are set before the daemon
tries to run them. This patch very simply enhances one check and fixes
that.
上级 ac89a611
master openEuler-20.03-LTS openEuler-20.09 v0.10.2-maint v1.0.0-maint v1.0.1-maint v1.0.2-maint v1.0.3-maint v1.0.4-maint v1.0.5-maint v1.0.6-maint v1.1.0-maint v1.1.1-maint v1.1.2-maint v1.1.3-maint v1.1.4-maint v1.2.0-maint v1.2.1-maint v1.2.10-maint v1.2.11-maint v1.2.12-maint v1.2.13-maint v1.2.14-maint v1.2.15-maint v1.2.16-maint v1.2.17-maint v1.2.18-maint v1.2.19-maint v1.2.2-maint v1.2.20-maint v1.2.21-maint v1.2.3-maint v1.2.4-maint v1.2.5-maint v1.2.6-maint v1.2.7-maint v1.2.8-maint v1.2.9-maint v1.3.0-maint v1.3.1-maint v1.3.2-maint v1.3.3-maint v1.3.4-maint v1.3.5-maint v2.0-maint v2.1-maint v2.2-maint v3.0-maint v3.2-maint v3.7-maint v4.1-maint v4.10-maint v4.2-maint v4.3-maint v4.4-maint v4.5-maint v4.6-maint v4.7-maint v4.8-maint v4.9-maint v5.0-maint v5.1-maint v5.1.0-maint v5.2-maint v5.3-maint v6.5.0-rc2 v6.5.0-rc1 v6.4.0 v6.4.0-rc1 v6.3.0 v6.3.0-rc1 v6.2.0 v6.2.0-rc1 v6.1.0 v6.1.0-rc2 v6.1.0-rc1 v6.0.0 v6.0.0-rc2 v6.0.0-rc1 v5.10.0 v5.10.0-rc2 v5.10.0-rc1 v5.9.0 v5.9.0-rc1 v5.8.0 v5.8.0-rc2 v5.8.0-rc1 v5.7.0 v5.7.0-rc2 v5.7.0-rc1 v5.6.0 v5.6.0-rc2 v5.6.0-rc1 v5.5.0 v5.5.0-rc2 v5.5.0-rc1 v5.4.0 v5.4.0-rc2 v5.4.0-rc1 v5.3.0 v5.3.0-rc2 v5.3.0-rc1 v5.2.0 v5.2.0-rc2 v5.2.0-rc1 v5.1.0 v5.1.0-rc2 v5.1.0-rc1 v5.0.0 v5.0.0-rc2 v5.0.0-rc1 v4.10.0 v4.10.0-rc2 v4.10.0-rc1 v4.9.0 v4.9.0-rc1 v4.8.0 v4.8.0-rc2 v4.8.0-rc1 v4.7.0 v4.7.0-rc2 v4.7.0-rc1 v4.6.0 v4.6.0-rc2 v4.6.0-rc1 v4.5.0 v4.5.0-rc2 v4.5.0-rc1 v4.4.0 v4.4.0-rc2 v4.4.0-rc1 v4.3.0 v4.3.0-rc2 v4.3.0-rc1 v4.2.0 v4.2.0-rc2 v4.2.0-rc1 v4.1.0 v4.1.0-rc2 v4.1.0-rc1 v4.0.0 v4.0.0-rc2 v4.0.0-rc1 v3.10.0 v3.10.0-rc2 v3.10.0-rc1 v3.9.0 v3.9.0-rc2 v3.9.0-rc1 v3.8.0 v3.8.0-rc1 v3.7.0 v3.7.0-rc2 v3.7.0-rc1 v3.6.0 v3.6.0-rc2 v3.6.0-rc1 v3.5.0 v3.5.0-rc2 v3.5.0-rc1 v3.4.0 v3.4.0-rc2 v3.4.0-rc1 v3.3.0 v3.3.0-rc2 v3.3.0-rc1 v3.2.1 v3.2.0 v3.2.0-rc2 v3.2.0-rc1 v3.1.0 v3.1.0-rc2 v3.1.0-rc1 v3.0.0 v3.0.0-rc2 v3.0.0-rc1 v2.5.0 v2.5.0-rc2 v2.5.0-rc1 v2.4.0 v2.4.0-rc2 v2.4.0-rc1 v2.3.0 v2.3.0-rc2 v2.3.0-rc1 v2.2.1 v2.2.0 v2.2.0-rc2 v2.2.0-rc1 v2.1.0 v2.1.0-rc1 v2.0.0 v2.0.0-rc2 v2.0.0-rc1 v1.3.5 v1.3.5-rc1 v1.3.4 v1.3.4-rc2 v1.3.4-rc1 v1.3.3.3 v1.3.3.2 v1.3.3.1 v1.3.3 v1.3.3-rc2 v1.3.3-rc1 v1.3.2 v1.3.2-rc2 v1.3.2-rc1 v1.3.1 v1.3.1-rc2 v1.3.1-rc1 v1.3.0 v1.3.0-rc2 v1.3.0-rc1 v1.2.21 v1.2.21-rc2 v1.2.21-rc1 v1.2.20 v1.2.20-rc2 v1.2.20-rc1 v1.2.19 v1.2.19-rc2 v1.2.19-rc1 v1.2.18.4 v1.2.18.3 v1.2.18.2 v1.2.18.1 v1.2.18 v1.2.18-rc2 v1.2.18-rc1 v1.2.17 v1.2.17-rc2 v1.2.17-rc1 v1.2.16 v1.2.16-rc2 v1.2.16-rc1 v1.2.15 v1.2.15-rc2 v1.2.15-rc1 v1.2.14 v1.2.14-rc2 v1.2.14-rc1 v1.2.13.2 v1.2.13.1 v1.2.13 v1.2.13-rc2 v1.2.13-rc1 v1.2.12 v1.2.12-rc2 v1.2.12-rc1 v1.2.11 v1.2.11-rc2 v1.2.11-rc1 v1.2.10 v1.2.10-rc2 v1.2.10-rc1 v1.2.9.3 v1.2.9.2 v1.2.9.1 v1.2.9 v1.2.9-rc2 v1.2.9-rc1 v1.2.8 v1.2.8-rc2 v1.2.8-rc1 v1.2.7 v1.2.7-rc2 v1.2.7-rc1 v1.2.6 v1.2.6-rc2 v1.2.6-rc1 v1.2.5 v1.2.5-rc2 v1.2.5-rc1 v1.2.4 v1.2.4-rc2 v1.2.4-rc1 v1.2.3 v1.2.3-rc2 v1.2.3-rc1 v1.2.2 v1.2.2-rc2 v1.2.2-rc1 v1.2.1 v1.2.1-rc2 v1.2.1-rc1 v1.2.0 v1.2.0-rc2 v1.2.0-rc1 v1.1.4 v1.1.4-rc2 v1.1.4-rc1 v1.1.3.9 v1.1.3.8 v1.1.3.7 v1.1.3.6 v1.1.3.5 v1.1.3.4 v1.1.3.3 v1.1.3.2 v1.1.3.1 v1.1.3 v1.1.3-rc2 v1.1.3-rc1 v1.1.2 v1.1.2-rc2 v1.1.2-rc1 v1.1.1 v1.1.1-rc2 v1.1.1-rc1 v1.1.0 v1.1.0-rc2 v1.1.0-rc1 v1.0.6 v1.0.6-rc2 v1.0.6-rc1 v1.0.5.9 v1.0.5.8 v1.0.5.7 v1.0.5.6 v1.0.5.5 v1.0.5.4 v1.0.5.3 v1.0.5.2 v1.0.5.1 v1.0.5 v1.0.5-rc1 v1.0.4 v1.0.4-rc2 v1.0.4-rc1 v1.0.3 v1.0.3-rc2 v1.0.3-rc1 v1.0.2 v1.0.2-rc2 v1.0.2-rc1 v1.0.1 v1.0.1-rc2 v1.0.1-rc1 v1.0.0 v1.0.0-rc3 v1.0.0-rc2 v1.0.0-rc1 v0.10.2.8 v0.10.2.7 v0.10.2.6 v0.10.2.5 v0.10.2.4 v0.10.2.3 v0.10.2.2 v0.10.2.1 v0.10.2 v0.10.2-rc2 v0.10.2-rc1 CVE-2017-1000256 CVE-2017-2635 CVE-2016-5008 CVE-2015-5313 CVE-2015-5247-3 CVE-2015-5247-2 CVE-2015-5247-1 CVE-2015-0236-2 CVE-2015-0236-1 CVE-2014-8136 CVE-2014-8135 CVE-2014-8131-2 CVE-2014-8131-1 CVE-2014-7823 CVE-2014-3657 CVE-2014-3633 CVE-2014-1447-2 CVE-2014-1447-1 CVE-2014-0179 CVE-2014-0028 CVE-2013-7336 CVE-2013-6458-4 CVE-2013-6458-3 CVE-2013-6458-2 CVE-2013-6458-1 CVE-2013-6457 CVE-2013-6436 CVE-2013-5651 CVE-2013-4401 CVE-2013-4400-3 CVE-2013-4400-2 CVE-2013-4400-1 CVE-2013-4399 CVE-2013-4311 CVE-2013-4297 CVE-2013-4296 CVE-2013-4292 CVE-2013-4291 CVE-2013-4239 CVE-2013-4154 CVE-2013-4153 CVE-2013-2230 CVE-2013-2218 CVE-2013-1962 CVE-2013-0170 CVE-2012-4423 CVE-2012-3411
无相关合并请求
/*
* virnetserverprogram.c: generic network RPC server program
*
* Copyright (C) 2006-2011 Red Hat, Inc.
* Copyright (C) 2006-2012 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
......@@ -109,12 +109,19 @@ int virNetServerProgramMatches(virNetServerProgramPtr prog,
static virNetServerProgramProcPtr virNetServerProgramGetProc(virNetServerProgramPtr prog,
int procedure)
{
virNetServerProgramProcPtr proc;
if (procedure < 0)
return NULL;
if (procedure >= prog->nprocs)
return NULL;
return &prog->procs[procedure];
proc = &prog->procs[procedure];
if (!proc->func)
return NULL;
return proc;
}
unsigned int
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册
反馈
建议
客服 返回
顶部