Accepting request 65096 from Virtualization

Accepted submit request 65096 from user licensedigger

OBS-URL: https://build.opensuse.org/request/show/65096
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=74
This commit is contained in:
Sascha Peilicke 2011-03-24 16:24:07 +00:00 committed by Git OBS Bridge
commit 4d7451dea2
4 changed files with 120 additions and 1 deletions

View File

@ -0,0 +1,93 @@
commit 71753cb7f7a16ff800381c0b5ee4e99eea92fed3
Author: Guido Günther <agx@sigxcpu.org>
Date: Mon Mar 14 10:56:28 2011 +0800
Add missing checks for read only connections
As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
- virConnectDomainXMLToNative
- virNodeDeviceDettach
- virNodeDeviceReAttach
- virNodeDeviceReset
- virDomainRevertToSnapshot
- virDomainSnapshotDelete
* src/libvirt.c: fix the above set of entry points to error on read-only
connections
Index: libvirt-0.8.8/src/libvirt.c
===================================================================
--- libvirt-0.8.8.orig/src/libvirt.c
+++ libvirt-0.8.8/src/libvirt.c
@@ -3152,6 +3152,10 @@ char *virConnectDomainXMLToNative(virCon
virDispatchError(NULL);
return NULL;
}
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (nativeFormat == NULL || domainXml == NULL) {
virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
@@ -9579,6 +9583,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
return -1;
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceDettach) {
int ret;
ret = dev->conn->driver->nodeDeviceDettach (dev);
@@ -9622,6 +9631,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
return -1;
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReAttach) {
int ret;
ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -9667,6 +9681,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
return -1;
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReset) {
int ret;
ret = dev->conn->driver->nodeDeviceReset (dev);
@@ -12962,6 +12981,10 @@ virDomainRevertToSnapshot(virDomainSnaps
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainRevertToSnapshot) {
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@@ -13008,6 +13031,10 @@ virDomainSnapshotDelete(virDomainSnapsho
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainSnapshotDelete) {
int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

2
baselibs.conf Normal file
View File

@ -0,0 +1,2 @@
libvirt-client
libvirt-devel

View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Thu Mar 24 10:23:30 UTC 2011 - coolo@novell.com
- use %first_lang before changing symlinks, find_lang removes
unsupported languages
-------------------------------------------------------------------
Tue Mar 15 09:37:20 MDT 2011 - jfehlig@novell.com
- VUL-0: libvirt: several API calls do not honour read-only
connection
71753cb7-CVE-2011-1146.patch
bnc#678406
-------------------------------------------------------------------
Mon Mar 7 11:47:17 MST 2011 - jfehlig@novell.com
- Add baselibs.conf file to build xxbit packages
for multilib support
bnc#676921
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Feb 25 12:38:09 MST 2011 - jfehlig@novell.com Fri Feb 25 12:38:09 MST 2011 - jfehlig@novell.com

View File

@ -170,6 +170,7 @@ Source0: %{name}-%{version}.tar.bz2
Source1: libvirtd.init Source1: libvirtd.init
# Upstream patches # Upstream patches
Patch0: efc2594b-boot-param.patch Patch0: efc2594b-boot-param.patch
Patch1: 71753cb7-CVE-2011-1146.patch
# Need to go upstream # Need to go upstream
Patch100: xen-name-for-devid.patch Patch100: xen-name-for-devid.patch
Patch102: clone.patch Patch102: clone.patch
@ -285,6 +286,7 @@ Authors:
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
%patch100 -p1 %patch100 -p1
%patch102 %patch102
%patch103 -p1 %patch103 -p1
@ -409,6 +411,8 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu
%if ! %{with_uml} %if ! %{with_uml}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
%endif %endif
%find_lang %{name}
ln_dupes() ln_dupes()
{ {
target="" target=""
@ -430,7 +434,6 @@ mkdir -p $RPM_BUILD_ROOT/etc/init.d
install %SOURCE1 $RPM_BUILD_ROOT/etc/init.d/libvirtd install %SOURCE1 $RPM_BUILD_ROOT/etc/init.d/libvirtd
ln -s /etc/init.d/libvirtd $RPM_BUILD_ROOT/usr/sbin/rclibvirtd ln -s /etc/init.d/libvirtd $RPM_BUILD_ROOT/usr/sbin/rclibvirtd
ln -s /etc/init.d/libvirt-guests $RPM_BUILD_ROOT/usr/sbin/rclibvirt-guests ln -s /etc/init.d/libvirt-guests $RPM_BUILD_ROOT/usr/sbin/rclibvirt-guests
%find_lang %{name}
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT