Fix for CVE-2014-3633, which is public.

- CVE-2014-3633: Use correct definition when looking up disk in
  qemu blkiotune
  3e745e8f-CVE-2014-3633.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=408
This commit is contained in:
James Fehlig 2014-09-19 04:45:37 +00:00 committed by Git OBS Bridge
parent 805eccbdff
commit 88c5e40c87
3 changed files with 50 additions and 0 deletions

View File

@ -0,0 +1,41 @@
commit 3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
Author: Peter Krempa <pkrempa@redhat.com>
Date: Thu Sep 11 16:35:53 2014 +0200
CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
Live definition was used to look up the disk index while persistent one
was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
correct def and report a nice error.
Unfortunately it's accessible via read-only connection, though it can
only crash libvirtd in the cases where the guest is hot-plugging disks
without reflecting those changes to the persistent definition. So
avoiding hotplug, or doing hotplug where persistent is always modified
alongside live definition, will avoid the out-of-bounds access.
Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
Reported-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Index: libvirt-1.2.8/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.2.8.orig/src/qemu/qemu_driver.c
+++ libvirt-1.2.8/src/qemu/qemu_driver.c
@@ -16141,9 +16141,13 @@ qemuDomainGetBlockIoTune(virDomainPtr do
}
if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
- int idx = virDomainDiskIndexByName(vm->def, disk, true);
- if (idx < 0)
+ int idx = virDomainDiskIndexByName(persistentDef, disk, true);
+ if (idx < 0) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("disk '%s' was not found in the domain config"),
+ disk);
goto endjob;
+ }
reply = persistentDef->disks[idx]->blkdeviotune;
}

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Sep 18 22:42:38 MDT 2014 - jfehlig@suse.com
- CVE-2014-3633: Use correct definition when looking up disk in
qemu blkiotune
3e745e8f-CVE-2014-3633.patch
-------------------------------------------------------------------
Wed Sep 10 10:24:26 MDT 2014 - jfehlig@suse.com

View File

@ -429,6 +429,7 @@ Source1: libvirtd.init
Source2: libvirtd-relocation-server.fw
Source99: baselibs.conf
# Upstream patches
Patch0: 3e745e8f-CVE-2014-3633.patch
# Patches pending upstream review
Patch100: libvirt-guests-wait-for-ntp.patch
# Need to go upstream
@ -950,6 +951,7 @@ namespaces.
%prep
%setup -q
%patch0 -p1
%patch100 -p1
%patch150 -p1
%patch151 -p1