File 71753cb7-CVE-2011-1146.patch of Package libvirt

Overview Repositories Revisions Requests Users Attributes Meta

File 71753cb7-CVE-2011-1146.patch of Package libvirt

commit 71753cb7f7a16ff800381c0b5ee4e99eea92fed3
Author: Guido Günther <agx@sigxcpu.org>
Date:   Mon Mar 14 10:56:28 2011 +0800

Add missing checks for read only connections
    
    As pointed on CVE-2011-1146, some API forgot to check the read-only
    status of the connection for entry point which modify the state
    of the system or may lead to a remote execution using user data.
    The entry points concerned are:
      - virConnectDomainXMLToNative
      - virNodeDeviceDettach
      - virNodeDeviceReAttach
      - virNodeDeviceReset
      - virDomainRevertToSnapshot
      - virDomainSnapshotDelete
    
    * src/libvirt.c: fix the above set of entry points to error on read-only
                     connections

Index: libvirt-0.7.2/src/libvirt.c
===================================================================
--- libvirt-0.7.2.orig/src/libvirt.c
+++ libvirt-0.7.2/src/libvirt.c
@@ -2879,6 +2879,10 @@ char *virConnectDomainXMLToNative(virCon
         virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
         return (NULL);
     }
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibDomainError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (nativeFormat == NULL || domainXml == NULL) {
         virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
@@ -8653,6 +8657,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
         return (-1);
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceDettach) {
         int ret;
         ret = dev->conn->driver->nodeDeviceDettach (dev);
@@ -8696,6 +8705,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
         return (-1);
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceReAttach) {
         int ret;
         ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -8741,6 +8755,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
         return (-1);
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceReset) {
         int ret;
         ret = dev->conn->driver->nodeDeviceReset (dev);

Places

File 71753cb7-CVE-2011-1146.patch of Package libvirt

Places