security: plug regression introduced in disk probe logic CVE-2011-2178
authorEric Blake <eblake@redhat.com>
Thu, 26 May 2011 14:18:46 +0000 (08:18 -0600)
committerEric Blake <eblake@redhat.com>
Wed, 1 Jun 2011 23:05:24 +0000 (17:05 -0600)
commitb598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2
treefadba940b337aea801b17d0bd15dedefc8638037
parentb43e78f76b2398964b372cf084490168e993aad7
security: plug regression introduced in disk probe logic

Regression introduced in commit d6623003 (v0.8.8) - using the
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFormatProbing member of struct
_virSecurityManager.  This reopens disk probing, which was
supposed to be prevented by the solution to CVE-2010-2238.

* src/security/security_manager.c
(virSecurityManagerGetPrivateData): Use correct offset.
src/security/security_manager.c