[CVE-2011-1146] Add missing checks for read only connections Some API forgot to check the read-only status of the connection for entry point which modify the state of the system or may lead to a remote execution using user data. The entry points concerned are: - virConnectDomainXMLToNative - virNodeDeviceDettach - virNodeDeviceReAttach - virNodeDeviceReset - virDomainRevertToSnapshot - virDomainSnapshotDelete src/libvirt.c: fix the above set of entry points to error on read-only Closes: #617773 Guido Günther 13 years ago
2 changed file(s) with 97 addition(s) and 0 deletion(s).
0 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
1 Date: Mon, 14 Mar 2011 08:55:02 +0100
2 Subject: Add missing checks for read only connections
3
4 As pointed on CVE-2011-1146, some API forgot to check the read-only
5 status of the connection for entry point which modify the state
6 of the system or may lead to a remote execution using user data.
7 The entry points concerned are:
8 - virConnectDomainXMLToNative
9 - virNodeDeviceDettach
10 - virNodeDeviceReAttach
11 - virNodeDeviceReset
12 - virDomainRevertToSnapshot
13 - virDomainSnapshotDelete
14
15 * src/libvirt.c: fix the above set of entry points to error on read-only
16 connections
17
18 ---
19 src/libvirt.c | 27 +++++++++++++++++++++++++++
20 1 files changed, 27 insertions(+), 0 deletions(-)
21
22 diff --git a/src/libvirt.c b/src/libvirt.c
23 index 3ec5724..5e5a758 100644
24 --- a/src/libvirt.c
25 +++ b/src/libvirt.c
26 @@ -3177,6 +3177,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
27 virDispatchError(NULL);
28 return (NULL);
29 }
30 + if (conn->flags & VIR_CONNECT_RO) {
31 + virLibDomainError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
32 + goto error;
33 + }
34
35 if (nativeFormat == NULL || domainXml == NULL) {
36 virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
37 @@ -9418,6 +9422,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
38 return (-1);
39 }
40
41 + if (dev->conn->flags & VIR_CONNECT_RO) {
42 + virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
43 + goto error;
44 + }
45 +
46 if (dev->conn->driver->nodeDeviceDettach) {
47 int ret;
48 ret = dev->conn->driver->nodeDeviceDettach (dev);
49 @@ -9461,6 +9470,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
50 return (-1);
51 }
52
53 + if (dev->conn->flags & VIR_CONNECT_RO) {
54 + virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
55 + goto error;
56 + }
57 +
58 if (dev->conn->driver->nodeDeviceReAttach) {
59 int ret;
60 ret = dev->conn->driver->nodeDeviceReAttach (dev);
61 @@ -9506,6 +9520,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
62 return (-1);
63 }
64
65 + if (dev->conn->flags & VIR_CONNECT_RO) {
66 + virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
67 + goto error;
68 + }
69 +
70 if (dev->conn->driver->nodeDeviceReset) {
71 int ret;
72 ret = dev->conn->driver->nodeDeviceReset (dev);
73 @@ -12761,6 +12780,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
74 }
75
76 conn = snapshot->domain->conn;
77 + if (conn->flags & VIR_CONNECT_RO) {
78 + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
79 + goto error;
80 + }
81
82 if (conn->driver->domainRevertToSnapshot) {
83 int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
84 @@ -12807,6 +12830,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
85 }
86
87 conn = snapshot->domain->conn;
88 + if (conn->flags & VIR_CONNECT_RO) {
89 + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
90 + goto error;
91 + }
92
93 if (conn->driver->domainSnapshotDelete) {
94 int ret = conn->driver->domainSnapshotDelete(snapshot, flags);
95 --
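Review bot: The read-only guard added to virConnectDomainXMLToNative reports through `virLibDomainError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__)`, whereas the other five guards and the next context line in that same function all use `virLibConnError(conn, ...)`. The definition of virLibDomainError is not visible here, but if it expects a domain object rather than a connection in this tree, the denied path passes the wrong pointer type; `virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);` would match the rest of the patch. All six functions start and end outside their hunks, so it is worth confirming that each one has an `error:` label that dispatches the error and returns the failure value. Because the fix is one guard per entry point, a regression test that opens a read-only connection and expects VIR_ERR_OPERATION_DENIED from each listed API would catch a state-changing call that is added later without the check.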
99 0010-nwfilter-resolve-deadlock-between-VM-operations-and-.patch
1010 0011-OpenVZ-take-veid-from-vmdef-name-when-defining-new-d.patch
1111 0012-OpenVZ-Fix-some-overwritten-error-codes.patch
12 security/0013-Add-missing-checks-for-read-only-connections.patch