pool/libvirt
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 251486 from Virtualization

Browse Source 
Fix for public CVE-2014-3633.

- CVE-2014-3633: Use correct definition when looking up disk in
  qemu blkiotune
  3e745e8f-CVE-2014-3633.patch
  bnc#897783

OBS-URL: https://build.opensuse.org/request/show/251486
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=159
This commit is contained in:
Stephan Kulow 2014-09-23 08:46:43 +00:00 committed by Git OBS Bridge
commit 66116ead75
3 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
3e745e8f-CVE-2014-3633.patch Normal file
View File

@ -0,0 +1,41 @@
commit 3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
Author: Peter Krempa <pkrempa@redhat.com>
Date: Thu Sep 11 16:35:53 2014 +0200
CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
Live definition was used to look up the disk index while persistent one
was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
correct def and report a nice error.
Unfortunately it's accessible via read-only connection, though it can
only crash libvirtd in the cases where the guest is hot-plugging disks
without reflecting those changes to the persistent definition. So
avoiding hotplug, or doing hotplug where persistent is always modified
alongside live definition, will avoid the out-of-bounds access.
Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
Reported-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Index: libvirt-1.2.8/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.2.8.orig/src/qemu/qemu_driver.c
+++ libvirt-1.2.8/src/qemu/qemu_driver.c
@@ -16141,9 +16141,13 @@ qemuDomainGetBlockIoTune(virDomainPtr do
}
if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
- int idx = virDomainDiskIndexByName(vm->def, disk, true);
- if (idx < 0)
+ int idx = virDomainDiskIndexByName(persistentDef, disk, true);
+ if (idx < 0) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("disk '%s' was not found in the domain config"),
+ disk);
goto endjob;
+ }
reply = persistentDef->disks[idx]->blkdeviotune;
}

8
libvirt.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Sep 18 22:42:38 MDT 2014 - jfehlig@suse.com
- CVE-2014-3633: Use correct definition when looking up disk in
qemu blkiotune
3e745e8f-CVE-2014-3633.patch
bnc#897783
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 10 10:24:26 MDT 2014 - jfehlig@suse.com Wed Sep 10 10:24:26 MDT 2014 - jfehlig@suse.com

2
libvirt.spec
View File

@ -429,6 +429,7 @@ Source1: libvirtd.init
Source2: libvirtd-relocation-server.fw Source2: libvirtd-relocation-server.fw
Source99: baselibs.conf Source99: baselibs.conf
# Upstream patches # Upstream patches
Patch0: 3e745e8f-CVE-2014-3633.patch
# Patches pending upstream review # Patches pending upstream review
Patch100: libvirt-guests-wait-for-ntp.patch Patch100: libvirt-guests-wait-for-ntp.patch
# Need to go upstream # Need to go upstream
@ -950,6 +951,7 @@ namespaces.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%patch100 -p1 %patch100 -p1
%patch150 -p1 %patch150 -p1
%patch151 -p1 %patch151 -p1