[libvirt] [PATCH] util: Fix crash of libvirtd when running numatune with invalid nodeset

Alex Jia ajia at redhat.com
Mon Aug 19 03:21:42 UTC 2013


On 08/16/2013 07:42 PM, Eric Blake wrote:
> On 08/16/2013 01:47 AM, Alex Jia wrote:
>> This issue is introduced by commit 0fc8909, the virBitmapIsSet() needs caller
>> to ensure 'b < bitmap->max_bit', but it's lost in the virBitmapParse() caller,
>> this will cause a crash of libvirtd, with the patch, libvirtd does not crash and
>> can get an expected error "Failed to parse nodeset".
>>
>> ---
>> The caller virBitmapGetBit() can make sure 'b < bitmap->max_bit', so don't
>> need to worry about higher caller for the virBitmapGetBit(), but the
>> virBitmapParse() is called by many XML parser functions, not sure which one
>> can crash libvirtd with read-only client then probably require a CVE, I haven't
>> a good way to check them now and only manually check them one by one.
> If you are worried that a bug might be a CVE, it is best to practice
> responsible disclosure, and NOT post the patch upstream, but instead
> post to libvirt-security at redhat.com.  That way, the problem can be

Got it, if I think a bug might be a CVE then I will post the patch to
libvirt-security at redhat.com next time, thanks.

> discussed without public disclosure, rather than calling attention to
> the fact and making it easier to design a 0-day exploit.  But now that
> this is already publicly disclosed, we have to hurry up both the fix,
> and our analysis of whether it is exploitable.
>
