From 973dcb56f886274d767a581c03b1b9ba13668e1a Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 20 Jun 2012 19:19:18 -0600
Subject: [PATCH] qemu: Don't leak temporary list of USB devices
To: libvir-list@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=816601
CVE-2012-2693
and add debug message when adding USB device
to the list of active devices.
(cherry picked from commit b2c7b9ee0e6f2203984035668c066be37f3a256a)
Conflicts:
src/qemu/qemu_hostdev.c - upstream split this out of qemu_driver.c
Signed-off-by: Daniel Veillard <veillard@redhat.com>
---
src/qemu/qemu_driver.c | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 85c645c..c925895 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2987,10 +2987,7 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver,
hostdev->source.subsys.u.usb.product);
if (!usb)
- return -1;
-
- hostdev->source.subsys.u.usb.bus = usbDeviceGetBus(usb);
- hostdev->source.subsys.u.usb.device = usbDeviceGetDevno(usb);
+ goto cleanup;
if ((tmp = usbDeviceListFind(driver->activeUsbHostdevs, usb))) {
const char *other_name = usbDeviceGetUsedBy(tmp);
@@ -3007,6 +3004,9 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver,
goto cleanup;
}
+ hostdev->source.subsys.u.usb.bus = usbDeviceGetBus(usb);
+ hostdev->source.subsys.u.usb.device = usbDeviceGetDevno(usb);
+
if (usbDeviceListAdd(list, usb) < 0) {
usbFreeDevice(usb);
goto cleanup;
@@ -3022,6 +3022,9 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver,
for (i = 0; i < usbDeviceListCount(list); i++) {
tmp = usbDeviceListGet(list, i);
usbDeviceSetUsedBy(tmp, name);
+
+ VIR_DEBUG("Adding %03d.%03d dom=%s to activeUsbHostdevs",
+ usbDeviceGetBus(tmp), usbDeviceGetDevno(tmp), name);
if (usbDeviceListAdd(driver->activeUsbHostdevs, tmp) < 0) {
usbFreeDevice(tmp);
goto inactivedevs;
--
1.7.7.4
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
ebe084c140192657f9094e135a84202c
>
files
>
106
