rpms
/
libvirt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix for CVE-2011-1146, missing checks on read-only connections

remotes/origin/f14
Daniel Veillard 2011-03-15 09:09:39 +08:00
parent 944583a781
commit ad7d10defd
2 changed files with 102 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
libvirt-0.8.3-read-only-checks.patch Normal file
View File

@ -0,0 +1,95 @@
From: Guido Günther <agx@sigxcpu.org>
Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
Subject: Add missing checks for read only connections
X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
Add missing checks for read only connections
As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
- virConnectDomainXMLToNative
- virNodeDeviceDettach
- virNodeDeviceReAttach
- virNodeDeviceReset
- virDomainRevertToSnapshot
- virDomainSnapshotDelete
* src/libvirt.c: fix the above set of entry points to error on read-only
connections
Rebased to 0.8.2, mostly changed the call of the error routines
---
--- src/libvirt.c.orig 2011-03-14 17:03:45.000000000 +0800
+++ src/libvirt.c 2011-03-14 17:10:41.000000000 +0800
@@ -3190,6 +3190,10 @@ char *virConnectDomainXMLToNative(virCon
virDispatchError(NULL);
return (NULL);
}
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (nativeFormat == NULL || domainXml == NULL) {
virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
@@ -9432,6 +9436,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceDettach) {
int ret;
ret = dev->conn->driver->nodeDeviceDettach (dev);
@@ -9475,6 +9484,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReAttach) {
int ret;
ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -9520,6 +9534,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReset) {
int ret;
ret = dev->conn->driver->nodeDeviceReset (dev);
@@ -12775,6 +12794,10 @@ virDomainRevertToSnapshot(virDomainSnaps
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainRevertToSnapshot) {
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@@ -12821,6 +12844,10 @@ virDomainSnapshotDelete(virDomainSnapsho
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainSnapshotDelete) {
int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

8
libvirt.spec
View File

@ -185,12 +185,13 @@
Summary: Library providing a simple API virtualization Summary: Library providing a simple API virtualization
Name: libvirt Name: libvirt
Version: 0.8.3 Version: 0.8.3
Release: 4%{?dist}%{?extra_release} Release: 5%{?dist}%{?extra_release}
License: LGPLv2+ License: LGPLv2+
Group: Development/Libraries Group: Development/Libraries
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
Patch1: %{name}-%{version}-boot-menu.patch Patch1: %{name}-%{version}-boot-menu.patch
Patch2: %{name}-%{version}-octal-addresses.patch Patch2: %{name}-%{version}-octal-addresses.patch
Patch3: %{name}-%{version}-read-only-checks.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
URL: http://libvirt.org/ URL: http://libvirt.org/
BuildRequires: python-devel BuildRequires: python-devel
@ -428,6 +429,7 @@ of recent versions of Linux (and other OSes).
%setup -q %setup -q
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p0
%build %build
%if ! %{with_xen} %if ! %{with_xen}
@ -919,6 +921,10 @@ fi
%endif %endif
%changelog %changelog
* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> 0.8.3-5
- fix a lack of API check on read-only connections 683655
- CVE-2011-1146
* Fri Mar 4 2011 Daniel Veillard <veillard@redhat.com> 0.8.3-4 * Fri Mar 4 2011 Daniel Veillard <veillard@redhat.com> 0.8.3-4
- fix problem parsing octal addresses bug 653883 - fix problem parsing octal addresses bug 653883