diff options
Diffstat (limited to 'app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch')
-rw-r--r-- | app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch b/app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch deleted file mode 100644 index b2e1b3536227..000000000000 --- a/app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 9a47442366fcf8a7b6d7422016d7bbb6764a1098 Mon Sep 17 00:00:00 2001 -Message-ID: <9a47442366fcf8a7b6d7422016d7bbb6764a1098.1698742017.git.mprivozn@redhat.com> -From: Peter Krempa <pkrempa@redhat.com> -Date: Thu, 13 Jul 2023 16:16:37 +0200 -Subject: [PATCH] storage: Fix returning of locked objects from - 'virStoragePoolObjListSearch' -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -CVE-2023-3750 - -'virStoragePoolObjListSearch' explicitly documents that it's returning -a pointer to a locked and ref'd pool that maches the lookup function. - -This was not the case as in commit 0c4b391e2a9 (released in -libvirt-8.3.0) the code was accidentally converted to use 'VIR_LOCK_GUARD' -which auto-unlocked it when leaving the scope, even when the code was -originally "leaking" the lock. - -Revert the corresponding conversion and add a comment that this function -is intentionally leaking a locked object. - -Fixes: 0c4b391e2a9 -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2221851 -Signed-off-by: Peter Krempa <pkrempa@redhat.com> -Reviewed-by: Ján Tomko <jtomko@redhat.com> -Signed-off-by: Michal Privoznik <mprivozn@redhat.com> ---- - src/conf/virstorageobj.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/conf/virstorageobj.c b/src/conf/virstorageobj.c -index 7010e97d61..59fa5da372 100644 ---- a/src/conf/virstorageobj.c -+++ b/src/conf/virstorageobj.c -@@ -454,11 +454,16 @@ virStoragePoolObjListSearchCb(const void *payload, - virStoragePoolObj *obj = (virStoragePoolObj *) payload; - struct _virStoragePoolObjListSearchData *data = - (struct _virStoragePoolObjListSearchData *)opaque; -- VIR_LOCK_GUARD lock = virObjectLockGuard(obj); - -+ virObjectLock(obj); -+ -+ /* If we find the matching pool object we must return while the object is -+ * locked as the caller wants to return a locked object. */ - if (data->searcher(obj, data->opaque)) - return 1; - -+ virObjectUnlock(obj); -+ - return 0; - } - --- -2.41.0 - |