rpms / libvirt

Clone
Source Code
GIT

Blame libvirt-read-only-checks.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale
  1.   47fcec5405b3d99222af90ed344031389ac7d158
  2.   libvirt-read-only-checks.patch
Blob History Raw
Daniel Veillard 47fcec 
From: Guido Günther <agx@sigxcpu.org>
Daniel Veillard 47fcec 
Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
Daniel Veillard 47fcec 
Subject: Add missing checks for read only connections
Daniel Veillard 47fcec 
X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
Add missing checks for read only connections
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
As pointed on CVE-2011-1146, some API forgot to check the read-only
Daniel Veillard 47fcec 
status of the connection for entry point which modify the state
Daniel Veillard 47fcec 
of the system or may lead to a remote execution using user data.
Daniel Veillard 47fcec 
The entry points concerned are:
Daniel Veillard 47fcec 
  - virConnectDomainXMLToNative
Daniel Veillard 47fcec 
  - virNodeDeviceDettach
Daniel Veillard 47fcec 
  - virNodeDeviceReAttach
Daniel Veillard 47fcec 
  - virNodeDeviceReset
Daniel Veillard 47fcec 
  - virDomainRevertToSnapshot
Daniel Veillard 47fcec 
  - virDomainSnapshotDelete
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
* src/libvirt.c: fix the above set of entry points to error on read-only
Daniel Veillard 47fcec 
                 connections
Daniel Veillard 47fcec 
---
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
diff --git a/src/libvirt.c b/src/libvirt.c
Daniel Veillard 47fcec 
index caa109d..713291f 100644
Daniel Veillard 47fcec 
--- a/src/libvirt.c
Daniel Veillard 47fcec 
+++ b/src/libvirt.c
Daniel Veillard 47fcec 
@@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
Daniel Veillard 47fcec 
         virDispatchError(NULL);
Daniel Veillard 47fcec 
         return NULL;
Daniel Veillard 47fcec 
     }
Daniel Veillard 47fcec 
+    if (conn->flags & VIR_CONNECT_RO) {
Daniel Veillard 47fcec 
+        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
Daniel Veillard 47fcec 
+        goto error;
Daniel Veillard 47fcec 
+    }
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
     if (nativeFormat == NULL || domainXml == NULL) {
Daniel Veillard 47fcec 
         virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
Daniel Veillard 47fcec 
@@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
Daniel Veillard 47fcec 
         return -1;
Daniel Veillard 47fcec 
     }
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
Daniel Veillard 47fcec 
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
Daniel Veillard 47fcec 
+        goto error;
Daniel Veillard 47fcec 
+    }
Daniel Veillard 47fcec 
+
Daniel Veillard 47fcec 
     if (dev->conn->driver->nodeDeviceDettach) {
Daniel Veillard 47fcec 
         int ret;
Daniel Veillard 47fcec 
         ret = dev->conn->driver->nodeDeviceDettach (dev);
Daniel Veillard 47fcec 
@@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
Daniel Veillard 47fcec 
         return -1;
Daniel Veillard 47fcec 
     }
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
Daniel Veillard 47fcec 
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
Daniel Veillard 47fcec 
+        goto error;
Daniel Veillard 47fcec 
+    }
Daniel Veillard 47fcec 
+
Daniel Veillard 47fcec 
     if (dev->conn->driver->nodeDeviceReAttach) {
Daniel Veillard 47fcec 
         int ret;
Daniel Veillard 47fcec 
         ret = dev->conn->driver->nodeDeviceReAttach (dev);
Daniel Veillard 47fcec 
@@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
Daniel Veillard 47fcec 
         return -1;
Daniel Veillard 47fcec 
     }
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
Daniel Veillard 47fcec 
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
Daniel Veillard 47fcec 
+        goto error;
Daniel Veillard 47fcec 
+    }
Daniel Veillard 47fcec 
+
Daniel Veillard 47fcec 
     if (dev->conn->driver->nodeDeviceReset) {
Daniel Veillard 47fcec 
         int ret;
Daniel Veillard 47fcec 
         ret = dev->conn->driver->nodeDeviceReset (dev);
Daniel Veillard 47fcec 
@@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
Daniel Veillard 47fcec 
     }
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
     conn = snapshot->domain->conn;
Daniel Veillard 47fcec 
+    if (conn->flags & VIR_CONNECT_RO) {
Daniel Veillard 47fcec 
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
Daniel Veillard 47fcec 
+        goto error;
Daniel Veillard 47fcec 
+    }
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
     if (conn->driver->domainRevertToSnapshot) {
Daniel Veillard 47fcec 
         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
Daniel Veillard 47fcec 
@@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
Daniel Veillard 47fcec 
     }
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
     conn = snapshot->domain->conn;
Daniel Veillard 47fcec 
+    if (conn->flags & VIR_CONNECT_RO) {
Daniel Veillard 47fcec 
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
Daniel Veillard 47fcec 
+        goto error;
Daniel Veillard 47fcec 
+    }
Daniel Veillard 47fcec
Daniel Veillard 47fcec 
     if (conn->driver->domainSnapshotDelete) {
Daniel Veillard 47fcec 
         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation