From 31962562a1fd37442bcbe56aea05e1f7c8e37724 Mon Sep 17 00:00:00 2001 From: Guannan Ren <gren@redhat.com> Date: Wed, 20 Jun 2012 19:19:21 -0600 Subject: [PATCH] usb: fix crash when failing to attach a second usb device To: libvir-list@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=816601 CVE-2012-2693 when failing to attach another usb device to a domain for some reason which has one use device attached before, the libvirtd crashed. The crash is caused by null-pointer dereference error in invoking usbDeviceListSteal passed in NULL value usb variable. commit 05abd1507d66aabb6cad12eeafeb4c4d1911c585 introduces the bug. (cherry picked from commit ab5fb8f34c93661bb19b62e4ed3592fb53cd6b36) Conflicts: src/qemu/qemu_hotplug.c - upstream split this out of qemu_driver.c Signed-off-by: Daniel Veillard <veillard@redhat.com> --- src/qemu/qemu_driver.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c49405c..30f8c9b 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -8355,7 +8355,8 @@ error: cleanup: usbDeviceListFree(list); - usbDeviceListSteal(driver->activeUsbHostdevs, usb); + if (usb) + usbDeviceListSteal(driver->activeUsbHostdevs, usb); return -1; } -- 1.7.7.4