Libvirt Security Notice: LSN-2011-0002

Error reporting in libvirtd is not thread safe

Lifecycle

Reported on: 20110325
Published on: 20110323
Fixed on: 20110323

Credits

Reported by: Jiri Denemark
Patched by: Jiri Denemark

See also

Description

When several threads in libvirtd are reporting errors at the same time, the details can get mixed up and potentially result in memory corruption. The problem is that libvirtd used a non-NULL connection when dispatching errors which triggered usage of the unsafe virConnGetLastError() API instead of virGetLastError() which is backed by a thread local.

Impact

Client applications may receive errors that were intended for other client applications connected to libvirtd. The libvirtd daemon itself may crash.

Workaround

No practical workaround

Affected product: libvirt

Branch master
Broken in: v0.6.0
Broken in: v0.6.1
Broken in: v0.6.2
Broken in: v0.6.3
Broken in: v0.6.4
Broken in: v0.6.5
Broken in: v0.7.0
Broken in: v0.7.1
Broken in: v0.7.2
Broken in: v0.7.3
Broken in: v0.7.4
Broken in: v0.7.5
Broken in: v0.7.6
Broken in: v0.7.7
Broken in: v0.8.0
Broken in: v0.8.1
Broken in: v0.8.2
Broken in: v0.8.3
Broken in: v0.8.4
Broken in: v0.8.5
Broken in: v0.8.6
Broken in: v0.8.7
Broken in: v0.8.8
Fixed in: v0.9.0
Broken by: 4a00119a0ac6828b0f54ed8ecc9f4c338e167d6b
Fixed by: f44bfb7fb978c9313ce050a1c4149bf04aa0a670

Alternative formats: [xml] [text]