[libvirt] CVE-2014-1447 [was: [PATCH] Really don't crash if a connection closes early]

Eric Blake eblake at redhat.com
Wed Jan 15 04:10:37 UTC 2014

On 01/13/2014 08:24 AM, Jiri Denemark wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1047577
> When writing commit 173c291, I missed the fact virNetServerClientClose
> unlocks the client object before actually clearing client->sock and thus
> it is possible to hit a window when client->keepalive is NULL while
> client->sock is not NULL. I was thinking client->sock == NULL was a
> better check for a closed connection but apparently we have to go with
> client->keepalive == NULL to actually fix the crash.

By the way, commit 173c291 and this commit together fix CVE-2014-1447.
I'll be working on backporting it to appropriate branches.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140114/7fd0d1cb/attachment-0001.sig>

More information about the libvir-list mailing list