From 973dcb56f886274d767a581c03b1b9ba13668e1a Mon Sep 17 00:00:00 2001 From: Michal Privoznik <mprivozn@redhat.com> Date: Wed, 20 Jun 2012 19:19:18 -0600 Subject: [PATCH] qemu: Don't leak temporary list of USB devices To: libvir-list@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=816601 CVE-2012-2693 and add debug message when adding USB device to the list of active devices. (cherry picked from commit b2c7b9ee0e6f2203984035668c066be37f3a256a) Conflicts: src/qemu/qemu_hostdev.c - upstream split this out of qemu_driver.c Signed-off-by: Daniel Veillard <veillard@redhat.com> --- src/qemu/qemu_driver.c | 11 +++++++---- 1 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 85c645c..c925895 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2987,10 +2987,7 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver, hostdev->source.subsys.u.usb.product); if (!usb) - return -1; - - hostdev->source.subsys.u.usb.bus = usbDeviceGetBus(usb); - hostdev->source.subsys.u.usb.device = usbDeviceGetDevno(usb); + goto cleanup; if ((tmp = usbDeviceListFind(driver->activeUsbHostdevs, usb))) { const char *other_name = usbDeviceGetUsedBy(tmp); @@ -3007,6 +3004,9 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver, goto cleanup; } + hostdev->source.subsys.u.usb.bus = usbDeviceGetBus(usb); + hostdev->source.subsys.u.usb.device = usbDeviceGetDevno(usb); + if (usbDeviceListAdd(list, usb) < 0) { usbFreeDevice(usb); goto cleanup; @@ -3022,6 +3022,9 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver, for (i = 0; i < usbDeviceListCount(list); i++) { tmp = usbDeviceListGet(list, i); usbDeviceSetUsedBy(tmp, name); + + VIR_DEBUG("Adding %03d.%03d dom=%s to activeUsbHostdevs", + usbDeviceGetBus(tmp), usbDeviceGetDevno(tmp), name); if (usbDeviceListAdd(driver->activeUsbHostdevs, tmp) < 0) { usbFreeDevice(tmp); goto inactivedevs; -- 1.7.7.4