Blob Blame History Raw
From f38c8185f97720ecae7ef2291fbaa5d6b0209e17 Mon Sep 17 00:00:00 2001
Message-Id: <f38c8185f97720ecae7ef2291fbaa5d6b0209e17.1373575119.git.crobinso@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Tue, 2 Jul 2013 15:17:09 +0200
Subject: [PATCH] Fix crash when multiple event callbacks were registered

CVE-2013-2230

Don't overwrite the callback ID returned by
virDomainEventStateRegisterID in ret by 0.

Introduced by abf75aea.
---
 src/qemu/qemu_driver.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 571d1f8..b0180c9 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10043,9 +10043,7 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn,
                                       driver->domainEventState,
                                       dom, eventID,
                                       callback, opaque, freecb, &ret) < 0)
-        goto cleanup;
-
-    ret = 0;
+        ret = -1;
 
 cleanup:
     return ret;
-- 
1.8.3.1