rpms
/
libvirt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix for CVE-2011-1146, missing checks on read-only connections

remotes/origin/f13
Daniel Veillard 2011-03-15 09:25:30 +08:00
parent 9fb09e2b6b
commit 00d22f3bca
2 changed files with 102 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
libvirt-0.8.2-read-only-checks.patch Normal file
View File

@ -0,0 +1,95 @@
From: Guido Günther <agx@sigxcpu.org>
Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
Subject: Add missing checks for read only connections
X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
Add missing checks for read only connections
As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
- virConnectDomainXMLToNative
- virNodeDeviceDettach
- virNodeDeviceReAttach
- virNodeDeviceReset
- virDomainRevertToSnapshot
- virDomainSnapshotDelete
* src/libvirt.c: fix the above set of entry points to error on read-only
connections
Rebased to 0.8.2, mostly changed the call of the error routines
---
--- src/libvirt.c.orig 2011-03-14 17:03:45.000000000 +0800
+++ src/libvirt.c 2011-03-14 17:10:41.000000000 +0800
@@ -3190,6 +3190,10 @@ char *virConnectDomainXMLToNative(virCon
virDispatchError(NULL);
return (NULL);
}
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (nativeFormat == NULL || domainXml == NULL) {
virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
@@ -9432,6 +9436,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceDettach) {
int ret;
ret = dev->conn->driver->nodeDeviceDettach (dev);
@@ -9475,6 +9484,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReAttach) {
int ret;
ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -9520,6 +9534,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReset) {
int ret;
ret = dev->conn->driver->nodeDeviceReset (dev);
@@ -12775,6 +12794,10 @@ virDomainRevertToSnapshot(virDomainSnaps
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainRevertToSnapshot) {
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@@ -12821,6 +12844,10 @@ virDomainSnapshotDelete(virDomainSnapsho
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainSnapshotDelete) {
int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

8
libvirt.spec
View File

@ -185,7 +185,7 @@
Summary: Library providing a simple API virtualization Summary: Library providing a simple API virtualization
Name: libvirt Name: libvirt
Version: 0.8.2 Version: 0.8.2
Release: 1%{?dist}%{?extra_release} Release: 2%{?dist}%{?extra_release}
License: LGPLv2+ License: LGPLv2+
Group: Development/Libraries Group: Development/Libraries
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
@ -203,6 +203,8 @@ Patch10: libvirt-0.8.2-10-qemu-img-format-handling.patch
Patch11: libvirt-0.8.2-11-storage-vol-backing.patch Patch11: libvirt-0.8.2-11-storage-vol-backing.patch
# CVE-2010-2242 # CVE-2010-2242
Patch12: libvirt-0.8.2-apply-iptables-sport-mapping.patch Patch12: libvirt-0.8.2-apply-iptables-sport-mapping.patch
# CVE-2011-1146
Patch13: libvirt-0.8.2-read-only-checks.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
URL: http://libvirt.org/ URL: http://libvirt.org/
BuildRequires: python-devel BuildRequires: python-devel
@ -450,6 +452,7 @@ of recent versions of Linux (and other OSes).
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p0
%build %build
%if ! %{with_xen} %if ! %{with_xen}
@ -937,6 +940,9 @@ fi
%endif %endif
%changelog %changelog
* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-2
- Fix for CVE-2011-1146, missing checks on read-only connections bug 683655
* Thu Jun 17 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-5.fc13 * Thu Jun 17 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-5.fc13
- Add qemu.conf options for audio workaround - Add qemu.conf options for audio workaround
- Fix parsing certain USB sysfs files (bz 598272) - Fix parsing certain USB sysfs files (bz 598272)