[libvirt] [PATCH] util: Fix crash of libvirtd when running numatune with invalid nodeset

Eric Blake eblake at redhat.com
Fri Aug 16 11:42:09 UTC 2013

On 08/16/2013 01:47 AM, Alex Jia wrote:
> This issue is introduced by commit 0fc8909, the virBitmapIsSet() needs caller
> to ensure 'b < bitmap->max_bit', but it's lost in the virBitmapParse() caller,
> this will cause a crash of libvirtd; with the patch, libvirtd does not crash and can
> get an expected error "Failed to parse nodeset".

> ---
> The caller virBitmapGetBit() can make sure 'b < bitmap->max_bit', so don't
> need to worry about higher caller for the virBitmapGetBit(), but the
> virBitmapParse() is called by many XML parser functions, not sure which one
> can crash libvirtd with read-only client then probably require a CVE, I haven't
> a good way to check them now and only manually check them one by one.

If you are worried that a bug might be a CVE, it is best to practice
responsible disclosure, and NOT post the patch upstream, but instead
post to libvirt-security at redhat.com.  That way, the problem can be
discussed without public disclosure, rather than calling attention to
the fact and making it easier to design a 0-day exploit.  But now that
this is already publicly disclosed, we have to hurry up both the fix,
and our analysis of whether it is exploitable.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
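
The caller-side bound check that the quoted commit message describes, as an added example that is not part of this thread and not libvirt's code: a hypothetical toy bitmap (every `toy_` name is an assumption) whose parser rejects out-of-range bits before it calls an unchecked accessor.

```c
#include <limits.h>
#include <stdlib.h>
/* Hypothetical toy bitmap for illustration; not libvirt's virBitmap. */
struct toy_bitmap { size_t max_bit; unsigned long *map; };
#define UNIT_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Unchecked accessor: the caller must guarantee b < bm->max_bit. */
static int toy_is_set(const struct toy_bitmap *bm, size_t b)
{
    return (int)((bm->map[b / UNIT_BITS] >> (b % UNIT_BITS)) & 1UL);
}

/* Parse "0-3,8" style text; return bits newly set, or -1 on bad input. */
static int toy_parse(const char *p, struct toy_bitmap *bm)
{
    int count = 0;
    while (*p) {
        char *end;
        unsigned long lo, hi, b;
        if (*p < '0' || *p > '9') return -1;
        lo = hi = strtoul(p, &end, 10);
        if (*end == '-') {
            if (end[1] < '0' || end[1] > '9') return -1;
            hi = strtoul(end + 1, &end, 10);
        }
        /* Enforce the bound the unchecked accessor depends on. */
        if (hi < lo || hi >= bm->max_bit) return -1;
        for (b = lo; b <= hi; b++)
            if (!toy_is_set(bm, b)) {
                bm->map[b / UNIT_BITS] |= 1UL << (b % UNIT_BITS);
                count++;
            }
        if (*end == ',' && end[1] != '\0') end++;
        else if (*end != '\0') return -1;
        p = end;
    }
    return count;
}

/* Allocate a max_bit-sized bitmap, parse str into it, then free it. */
int toy_parse_nodeset(const char *str, size_t max_bit)
{
    struct toy_bitmap bm = { max_bit, NULL };
    int rc = -1;   /* also returned if allocation fails */
    bm.map = calloc(max_bit / UNIT_BITS + 1, sizeof(unsigned long));
    if (bm.map) rc = toy_parse(str, &bm);
    free(bm.map);
    return rc;
}
```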
