diff --git a/0001-Fix-memory-corruption-when-RestProxy-ssl-ca-file-doe.patch b/0001-Fix-memory-corruption-when-RestProxy-ssl-ca-file-doe.patch new file mode 100644 index 0000000..4c376de --- /dev/null +++ b/0001-Fix-memory-corruption-when-RestProxy-ssl-ca-file-doe.patch @@ -0,0 +1,37 @@ +From 546d37a44d88fd90d2f3f3ba4ee84042fcf8168c Mon Sep 17 00:00:00 2001 +From: Christophe Fergeau +Date: Tue, 26 Nov 2013 18:17:10 +0100 +Subject: [PATCH] Fix memory corruption when RestProxy::ssl-ca-file does not + exist + +Older librest releases don't have the RestProxy::ssl-ca-file property. +Without this property, we are not going to be able to set the CA +certificate to use to validate the oVirt instance TLS certificate, but we +should at least be able to report a connection error. +However, g_object_get() will not set its parameter to NULL when the +property does not exist, so we need to set it to NULL ourselves before +calling g_object_get() if we want to rely on that. + +If we don't do that, 'ca_file' will be uninitialized when +RestProxy::ssl-ca-file does not exist, and get_ca_cert_data() will call +g_free() on that variable, causing memory corruption. +--- + govirt/ovirt-proxy.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/govirt/ovirt-proxy.c b/govirt/ovirt-proxy.c +index 43124d6..b4ee32f 100644 +--- a/govirt/ovirt-proxy.c ++++ b/govirt/ovirt-proxy.c +@@ -405,7 +405,7 @@ error: + + static GByteArray *get_ca_cert_data(OvirtProxy *proxy) + { +- char *ca_file; ++ char *ca_file = NULL; + char *content; + gsize length; + GError *error = NULL; +-- +1.8.4.2 + diff --git a/libgovirt.spec b/libgovirt.spec index 550c938..541b4ea 100644 --- a/libgovirt.spec +++ b/libgovirt.spec @@ -9,7 +9,7 @@ Summary: A GObject library for interacting with oVirt REST API Name: libgovirt Version: 0.3.0 -Release: 1%{?dist}%{?extra_release} +Release: 2%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: http://people.freedesktop.org/~teuf/govirt/%{name}-%{version}.tar.xz @@ -82,6 +82,10 @@ make check %endif %changelog +* Tue Nov 26 2013 Christophe Fergeau 0.3.0-2 +- Add patch to fix a memory corruption issue when librest does not have the + RestProxy::ssl-ca-file property (which is currently the case in Fedora) + * Sat Aug 03 2013 Fedora Release Engineering - 0.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild