Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
libvirt.17937
CVE-2019-10161-api-disallow-virDomainSaveImageG...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch of Package libvirt.17937
From 850a64a3bd5bbd63cf930f9c0ad9b328f11adb49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> Date: Fri, 14 Jun 2019 10:37:31 +0200 Subject: [PATCH 1/4] api: disallow virDomainSaveImageGetXMLDesc on read-only connections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: Matthias Gerstner <mgerstner@suse.de> Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/libvirt-domain.c | 11 ++--------- src/qemu/qemu_driver.c | 2 +- src/remote/remote_protocol.x | 3 +-- 3 files changed, 4 insertions(+), 12 deletions(-) Index: libvirt-4.0.0/src/libvirt-domain.c =================================================================== --- libvirt-4.0.0.orig/src/libvirt-domain.c +++ libvirt-4.0.0/src/libvirt-domain.c @@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn * previously by virDomainSave() or virDomainSaveFlags(). * * No security-sensitive data will be included unless @flags contains - * VIR_DOMAIN_XML_SECURE; this flag is rejected on read-only - * connections. For this API, @flags should not contain either + * VIR_DOMAIN_XML_SECURE.For this API, @flags should not contain either * VIR_DOMAIN_XML_INACTIVE or VIR_DOMAIN_XML_UPDATE_CPU. * * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of @@ -1092,11 +1091,7 @@ virDomainSaveImageGetXMLDesc(virConnectP virCheckConnectReturn(conn, NULL); virCheckNonNullArgGoto(file, error); - if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { - virReportError(VIR_ERR_OPERATION_DENIED, "%s", - _("virDomainSaveImageGetXMLDesc with secure flag")); - goto error; - } + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->domainSaveImageGetXMLDesc) { char *ret; Index: libvirt-4.0.0/src/qemu/qemu_driver.c =================================================================== --- libvirt-4.0.0.orig/src/qemu/qemu_driver.c +++ libvirt-4.0.0/src/qemu/qemu_driver.c @@ -6798,7 +6798,7 @@ qemuDomainSaveImageGetXMLDesc(virConnect if (fd < 0) goto cleanup; - if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0) + if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) goto cleanup; ret = qemuDomainDefFormatXML(driver, def, flags); Index: libvirt-4.0.0/src/remote/remote_protocol.x =================================================================== --- libvirt-4.0.0.orig/src/remote/remote_protocol.x +++ libvirt-4.0.0/src/remote/remote_protocol.x @@ -5134,8 +5134,7 @@ enum remote_procedure { /** * @generate: both * @priority: high - * @acl: domain:read - * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE + * @acl: domain:write */ REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor