From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 3 May 2013 10:10:50 +0000 (+0100)
Subject: Fix F_DUPFD_CLOEXEC operation args
X-Git-Tag: CVE-2013-1962~207
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6670a64e1067f29da3c3e032739e140280b763d;p=thirdparty%2Flibvirt.git

Fix F_DUPFD_CLOEXEC operation args

The F_DUPFD_CLOEXEC operation with fcntl() expects a single
int argument, specifying the minimum FD number for the newly
dup'd file descriptor. We were not specifying that causing
random stack data to be accessed as the FD number. Sometimes
that worked, sometimes it didn't.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index e950d7fd77..dcf98b1e93 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -1055,7 +1055,7 @@ int virNetSocketDupFD(virNetSocketPtr sock, bool cloexec)
     int fd;
 
     if (cloexec)
-        fd = fcntl(sock->fd, F_DUPFD_CLOEXEC);
+        fd = fcntl(sock->fd, F_DUPFD_CLOEXEC, 0);
     else
         fd = dup(sock->fd);
     if (fd < 0) {