rpms/libvirt
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix for CVE-2011-1146, missing checks on read-only connections

Browse Source
This commit is contained in:
Daniel Veillard 2011-03-14 21:48:48 +08:00
parent d7239a45b6
commit 47fcec5405
2 changed files with 102 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
libvirt-read-only-checks.patch Normal file
View File

@ -0,0 +1,95 @@
From: Guido Günther <agx@sigxcpu.org>
Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
Subject: Add missing checks for read only connections
X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
Add missing checks for read only connections
As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
- virConnectDomainXMLToNative
- virNodeDeviceDettach
- virNodeDeviceReAttach
- virNodeDeviceReset
- virDomainRevertToSnapshot
- virDomainSnapshotDelete
* src/libvirt.c: fix the above set of entry points to error on read-only
connections
---
diff --git a/src/libvirt.c b/src/libvirt.c
index caa109d..713291f 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
virDispatchError(NULL);
return NULL;
}
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (nativeFormat == NULL || domainXml == NULL) {
virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
@@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
return -1;
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceDettach) {
int ret;
ret = dev->conn->driver->nodeDeviceDettach (dev);
@@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
return -1;
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReAttach) {
int ret;
ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
return -1;
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReset) {
int ret;
ret = dev->conn->driver->nodeDeviceReset (dev);
@@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainRevertToSnapshot) {
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainSnapshotDelete) {
int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

8
libvirt.spec
View File

@ -204,11 +204,12 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 0.8.8
Release: 2%{?dist}%{?extra_release}
Release: 3%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
Patch1: %{name}-%{version}-kernel-boot-index.patch
Patch2: %{name}-read-only-checks.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
URL: http://libvirt.org/
BuildRequires: python-devel
@ -456,6 +457,7 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%build
%if ! %{with_xen}
@ -975,6 +977,10 @@ fi
%endif
%changelog
* Mon Mar 14 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-3
- fix a lack of API check on read-only connections
- CVE-2011-1146
* Mon Feb 21 2011 Daniel P. Berrange <berrange@redhat.com> - 0.8.8-2
- Fix kernel boot with latest QEMU