From 0293adf3792eeb797c498feefa178309d28c4803 Mon Sep 17 00:00:00 2001
Message-Id: <0293adf3792eeb797c498feefa178309d28c4803@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Wed, 30 Sep 2020 17:38:15 +0200
Subject: [PATCH] qemu: agent: set ifname to NULL after freeing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2020-25637

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Fixes: 0977b8aa071de550e1a013d35e2c72615e65d520
Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
(cherry picked from commit a63b48c5ecef077bf0f909a85f453a605600cf05)
Signed-off-by: Ján Tomko <jtomko@redhat.com>

Conflicts: src/qemu/qemu_agent.c
    Commit ee247e1d which switched virStringListFree
    to g_strfreev is missing downstream.
Message-Id: <c1f5b852a6ca4afaebf4fae7633b32dbe91af328.1601480224.git.jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_agent.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index d6fd02a4b6..35bef8636d 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -2055,6 +2055,7 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
 
         /* Has to be freed for each interface. */
         virStringListFree(ifname);
+        ifname = NULL;
 
         /* as well as IP address which - moreover -
          * can be presented multiple times */
-- 
2.28.0