libvirt/2a07c990-api-CVE-2019-3886.patch

commit 2a07c990bd9143d7a0fe8d1b6b7c763c52185240
Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Wed Mar 27 10:59:58 2019 +0000

    api: disallow virDomainGetHostname for read-only connections
    
    The virDomainGetHostname API is fetching guest information and this may
    involve use of an untrusted guest agent. As such its use must be
    forbidden on a read-only connection to libvirt.
    
    Fixes CVE-2019-3886
    Reviewed-by: Jim Fehlig <jfehlig@suse.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Index: libvirt-5.2.0/src/libvirt-domain.c
===================================================================
--- libvirt-5.2.0.orig/src/libvirt-domain.c
+++ libvirt-5.2.0/src/libvirt-domain.c
@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain
     virCheckDomainReturn(domain, NULL);
     conn = domain->conn;
 
+    virCheckReadOnlyGoto(domain->conn->flags, error);
+
     if (conn->driver->domainGetHostname) {
         char *ret;
         ret = conn->driver->domainGetHostname(domain, flags);