libvirt/CVE-2010-223x-0004.patch

219 lines
8.1 KiB
Diff
Raw Normal View History

>From 7b2c30d0af7938df533b85e948918cfdff2e5f01 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 15 Jun 2010 16:15:51 +0100
Subject: [PATCH 04/10] Require format to be passed into virStorageFileGetMetadata
Require the disk image to be passed into virStorageFileGetMetadata.
If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
resolved using probing. This makes it easier to control when
probing will be used
* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
src/security/security_selinux.c, src/security/virt-aa-helper.c:
Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata.
* src/storage/storage_backend_fs.c: Probe for disk format before
caling virStorageFileGetMetadata.
* src/util/storage_file.h, src/util/storage_file.c: Remove format
from virStorageFileMeta struct & require it to be passed into
method.
---
src/qemu/qemu_driver.c | 27 +++++++++++++++++++++++----
src/qemu/qemu_security_dac.c | 4 +++-
src/security/security_selinux.c | 4 +++-
src/security/virt-aa-helper.c | 4 +++-
src/storage/storage_backend_fs.c | 11 ++++++++---
src/util/storage_file.c | 15 ++++++++++++---
src/util/storage_file.h | 3 ++-
7 files changed, 54 insertions(+), 14 deletions(-)
Index: libvirt-0.8.1/src/qemu/qemu_driver.c
===================================================================
--- libvirt-0.8.1.orig/src/qemu/qemu_driver.c
+++ libvirt-0.8.1/src/qemu/qemu_driver.c
@@ -9059,8 +9059,10 @@ static int qemuDomainGetBlockInfo(virDom
int fd = -1;
off_t end;
virStorageFileMetadata meta;
+ virDomainDiskDefPtr disk = NULL;
struct stat sb;
int i;
+ int format;
virCheckFlags(0, -1);
@@ -9086,6 +9088,7 @@ static int qemuDomainGetBlockInfo(virDom
if (vm->def->disks[i]->src != NULL &&
STREQ (vm->def->disks[i]->src, path)) {
ret = 0;
+ disk = vm->def->disks[i];
break;
}
}
@@ -9108,7 +9111,21 @@ static int qemuDomainGetBlockInfo(virDom
/* Probe for magic formats */
memset(&meta, 0, sizeof(meta));
- if (virStorageFileGetMetadataFromFD(path, fd, &meta) < 0)
+ if (disk->driverType) {
+ if ((format = virStorageFileFormatTypeFromString(disk->driverType)) < 0) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unknown disk format %s for %s"),
+ disk->driverType, disk->src);
+ goto cleanup;
+ }
+ } else {
+ if ((format = virStorageFileProbeFormat(disk->src)) < 0)
+ goto cleanup;
+ }
+
+ if (virStorageFileGetMetadataFromFD(path, fd,
+ format,
+ &meta) < 0)
goto cleanup;
/* Get info for normal formats */
Index: libvirt-0.8.1/src/qemu/qemu_security_dac.c
===================================================================
--- libvirt-0.8.1.orig/src/qemu/qemu_security_dac.c
+++ libvirt-0.8.1/src/qemu/qemu_security_dac.c
@@ -118,7 +118,9 @@ qemuSecurityDACSetSecurityImageLabel(vir
memset(&meta, 0, sizeof(meta));
- ret = virStorageFileGetMetadata(path, &meta);
+ ret = virStorageFileGetMetadata(path,
+ VIR_STORAGE_FILE_AUTO,
+ &meta);
if (path != disk->src)
VIR_FREE(path);
Index: libvirt-0.8.1/src/security/security_selinux.c
===================================================================
--- libvirt-0.8.1.orig/src/security/security_selinux.c
+++ libvirt-0.8.1/src/security/security_selinux.c
@@ -431,7 +431,9 @@ SELinuxSetSecurityImageLabel(virDomainOb
memset(&meta, 0, sizeof(meta));
- ret = virStorageFileGetMetadata(path, &meta);
+ ret = virStorageFileGetMetadata(path,
+ VIR_STORAGE_FILE_AUTO,
+ &meta);
if (path != disk->src)
VIR_FREE(path);
Index: libvirt-0.8.1/src/security/virt-aa-helper.c
===================================================================
--- libvirt-0.8.1.orig/src/security/virt-aa-helper.c
+++ libvirt-0.8.1/src/security/virt-aa-helper.c
@@ -833,7 +833,9 @@ get_files(vahControl * ctl)
memset(&meta, 0, sizeof(meta));
- ret = virStorageFileGetMetadata(path, &meta);
+ ret = virStorageFileGetMetadata(path,
+ VIR_STORAGE_FILE_AUTO,
+ &meta);
if (path != ctl->def->disks[i]->src)
VIR_FREE(path);
Index: libvirt-0.8.1/src/storage/storage_backend_fs.c
===================================================================
--- libvirt-0.8.1.orig/src/storage/storage_backend_fs.c
+++ libvirt-0.8.1/src/storage/storage_backend_fs.c
@@ -77,14 +77,19 @@ virStorageBackendProbeTarget(virStorageV
memset(&meta, 0, sizeof(meta));
- if (virStorageFileGetMetadataFromFD(target->path, fd, &meta) < 0) {
+ if ((target->format = virStorageFileProbeFormatFromFD(target->path, fd)) < 0) {
close(fd);
return -1;
}
- close(fd);
+ if (virStorageFileGetMetadataFromFD(target->path, fd,
+ target->format,
+ &meta) < 0) {
+ close(fd);
+ return -1;
+ }
- target->format = meta.format;
+ close(fd);
if (backingStore) {
*backingStore = meta.backingStore;
Index: libvirt-0.8.1/src/util/storage_file.c
===================================================================
--- libvirt-0.8.1.orig/src/util/storage_file.c
+++ libvirt-0.8.1/src/util/storage_file.c
@@ -653,6 +653,7 @@ virStorageFileProbeFormat(const char *pa
int
virStorageFileGetMetadataFromFD(const char *path,
int fd,
+ int format,
virStorageFileMetadata *meta)
{
unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */
@@ -670,9 +671,16 @@ virStorageFileGetMetadataFromFD(const ch
return -1;
}
- meta->format = virStorageFileProbeFormatFromBuf(path, head, len);
+ if (format == VIR_STORAGE_FILE_AUTO)
+ format = virStorageFileProbeFormatFromBuf(path, head, len);
- return virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta);
+ if (format < 0 ||
+ format >= VIR_STORAGE_FILE_LAST) {
+ virReportSystemError(EINVAL, _("unknown storage file format %d"), format);
+ return -1;
+ }
+
+ return virStorageFileGetMetadataFromBuf(format, path, head, len, meta);
}
/**
@@ -688,6 +696,7 @@ virStorageFileGetMetadataFromFD(const ch
*/
int
virStorageFileGetMetadata(const char *path,
+ int format,
virStorageFileMetadata *meta)
{
int fd, ret;
@@ -697,7 +706,7 @@ virStorageFileGetMetadata(const char *pa
return -1;
}
- ret = virStorageFileGetMetadataFromFD(path, fd, meta);
+ ret = virStorageFileGetMetadataFromFD(path, fd, format, meta);
close(fd);
Index: libvirt-0.8.1/src/util/storage_file.h
===================================================================
--- libvirt-0.8.1.orig/src/util/storage_file.h
+++ libvirt-0.8.1/src/util/storage_file.h
@@ -46,7 +46,6 @@ enum virStorageFileFormat {
VIR_ENUM_DECL(virStorageFileFormat);
typedef struct _virStorageFileMetadata {
- int format;
char *backingStore;
int backingStoreFormat;
unsigned long long capacity;
@@ -62,9 +61,11 @@ int virStorageFileProbeFormatFromFD(cons
int fd);
int virStorageFileGetMetadata(const char *path,
+ int format,
virStorageFileMetadata *meta);
int virStorageFileGetMetadataFromFD(const char *path,
int fd,
+ int format,
virStorageFileMetadata *meta);
#endif /* __VIR_STORAGE_FILE_H__ */