From 31962562a1fd37442bcbe56aea05e1f7c8e37724 Mon Sep 17 00:00:00 2001
From: Guannan Ren <gren@redhat.com>
Date: Wed, 20 Jun 2012 19:19:21 -0600
Subject: [PATCH] usb: fix crash when failing to attach a second usb device
To: libvir-list@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=816601
CVE-2012-2693
when failing to attach another usb device to a domain for some reason
which has one use device attached before, the libvirtd crashed.
The crash is caused by null-pointer dereference error in invoking
usbDeviceListSteal passed in NULL value usb variable.
commit 05abd1507d66aabb6cad12eeafeb4c4d1911c585 introduces the bug.
(cherry picked from commit ab5fb8f34c93661bb19b62e4ed3592fb53cd6b36)
Conflicts:
src/qemu/qemu_hotplug.c - upstream split this out of qemu_driver.c
Signed-off-by: Daniel Veillard <veillard@redhat.com>
---
src/qemu/qemu_driver.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index c49405c..30f8c9b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -8355,7 +8355,8 @@ error:
cleanup:
usbDeviceListFree(list);
- usbDeviceListSteal(driver->activeUsbHostdevs, usb);
+ if (usb)
+ usbDeviceListSteal(driver->activeUsbHostdevs, usb);
return -1;
}
--
1.7.7.4
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
ebe084c140192657f9094e135a84202c
>
files
>
137
