rpm/libvirt
SHA256
1
0
Fork 0
forked from pool/libvirt
Code Pull Requests Activity

Accepting request 75033 from Virtualization

Browse Source 
- Create qemu user:group if necessary at package installation.
  More fallout from bnc#694883

- VUL-0: libvirt: integer overflow in VirDomainGetVcpus
  774b21c1-CVE-2011-2511.patch
  bnc#703084

- Enable building libvirt with audit support
  bnc#694891

OBS-URL: https://build.opensuse.org/request/show/75033
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=80
This commit is contained in:
Sascha Peilicke 2011-07-04 07:33:29 +00:00 committed by Git OBS Bridge
commit 09259fd194
3 changed files with 126 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
774b21c1-CVE-2011-2511.patch Normal file
View File

@ -0,0 +1,83 @@
commit 774b21c163845170c9ffa873f5720d318812eaf6
Author: Eric Blake <eblake@redhat.com>
Date: Fri Jun 24 12:16:05 2011 -0600
remote: protect against integer overflow
Integer overflow and remote code are never a nice mix.
This has existed since commit 56cd414.
* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
on sending rpc.
* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
receiving rpc.
Index: libvirt-0.9.2/daemon/remote.c
===================================================================
--- libvirt-0.9.2.orig/daemon/remote.c
+++ libvirt-0.9.2/daemon/remote.c
@@ -61,6 +61,7 @@
#include "network.h"
#include "libvirt/libvirt-qemu.h"
#include "command.h"
+#include "intprops.h"
#define VIR_FROM_THIS VIR_FROM_REMOTE
@@ -1074,7 +1075,8 @@ remoteDispatchDomainGetVcpus(struct qemu
goto cleanup;
}
- if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
+ if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) ||
+ args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX"));
goto cleanup;
}
Index: libvirt-0.9.2/src/libvirt.c
===================================================================
--- libvirt-0.9.2.orig/src/libvirt.c
+++ libvirt-0.9.2/src/libvirt.c
@@ -39,6 +39,7 @@
#include "util.h"
#include "memory.h"
#include "configmake.h"
+#include "intprops.h"
#ifndef WITH_DRIVER_MODULES
# ifdef WITH_TEST
@@ -6805,8 +6806,8 @@ virDomainGetVcpus(virDomainPtr domain, v
/* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
try to memcpy anything into a NULL pointer. */
- if ((cpumaps == NULL && maplen != 0)
- || (cpumaps && maplen <= 0)) {
+ if (!cpumaps ? maplen != 0
+ : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) {
virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__);
goto error;
}
Index: libvirt-0.9.2/src/remote/remote_driver.c
===================================================================
--- libvirt-0.9.2.orig/src/remote/remote_driver.c
+++ libvirt-0.9.2/src/remote/remote_driver.c
@@ -84,6 +84,7 @@
#include "ignore-value.h"
#include "files.h"
#include "command.h"
+#include "intprops.h"
#define VIR_FROM_THIS VIR_FROM_REMOTE
@@ -2032,7 +2033,8 @@ remoteDomainGetVcpus (virDomainPtr domai
maxinfo, REMOTE_VCPUINFO_MAX);
goto done;
}
- if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
+ if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) ||
+ maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
remoteError(VIR_ERR_RPC,
_("vCPU map buffer length exceeds maximum: %d > %d"),
maxinfo * maplen, REMOTE_CPUMAPS_MAX);

19
libvirt.changes
View File

@ -1,3 +1,22 @@
-------------------------------------------------------------------
Fri Jul 1 10:10:23 MDT 2011 - jfehlig@suse.de
- Create qemu user:group if necessary at package installation.
More fallout from bnc#694883
-------------------------------------------------------------------
Thu Jun 30 14:48:51 MDT 2011 - jfehlig@suse.de
- VUL-0: libvirt: integer overflow in VirDomainGetVcpus
774b21c1-CVE-2011-2511.patch
bnc#703084
-------------------------------------------------------------------
Thu Jun 30 10:44:17 MDT 2011 - jfehlig@suse.de
- Enable building libvirt with audit support
bnc#694891
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 13 14:50:32 CST 2011 - lidongyang@novell.com Mon Jun 13 14:50:32 CST 2011 - lidongyang@novell.com

27
libvirt.spec
View File

@ -17,6 +17,9 @@
# norootforbuild # norootforbuild
# In the future, we may want a client only build, which will create a
# libvirt.so only containing the generic RPC driver and the test driver,
# but no libvirtd
# For now, default to a full server + client build # For now, default to a full server + client build
%define client_only 0 %define client_only 0
@ -142,6 +145,9 @@
%define with_yajl 0%{!?_without_yajl:%{server_drivers}} %define with_yajl 0%{!?_without_yajl:%{server_drivers}}
%endif %endif
# All supported version of openSUSE/SLE contain audit
%define with_audit 0%{!?_without_audit:1}
# Enable libpcap library # Enable libpcap library
%if %{with_qemu} %if %{with_qemu}
%if 0%{?suse_version} >= 1140 %if 0%{?suse_version} >= 1140
@ -271,6 +277,9 @@ BuildRequires: parted-devel
# For Multipath support # For Multipath support
BuildRequires: device-mapper-devel BuildRequires: device-mapper-devel
%endif %endif
%if %{with_audit}
BuildRequires: audit-devel
%endif
Name: libvirt Name: libvirt
Url: http://libvirt.org/ Url: http://libvirt.org/
@ -343,6 +352,7 @@ Source0: %{name}-%{version}.tar.bz2
Source1: libvirtd.init Source1: libvirtd.init
Source2: libvirtd-relocation-server.fw Source2: libvirtd-relocation-server.fw
# Upstream patches # Upstream patches
Patch0: 774b21c1-CVE-2011-2511.patch
# Need to go upstream # Need to go upstream
Patch100: xen-name-for-devid.patch Patch100: xen-name-for-devid.patch
Patch101: clone.patch Patch101: clone.patch
@ -436,7 +446,6 @@ Authors:
Karel Zak <kzak@redhat.com> Karel Zak <kzak@redhat.com>
%if %{with_python} %if %{with_python}
%package python %package python
License: LGPLv2.1+ License: LGPLv2.1+
Summary: A C toolkit to interract with the virtualization capabilities of Linux Summary: A C toolkit to interract with the virtualization capabilities of Linux
@ -459,6 +468,7 @@ Authors:
%prep %prep
%setup -q %setup -q
%patch0 -p1
%patch100 -p1 %patch100 -p1
%patch101 %patch101
%patch102 -p1 %patch102 -p1
@ -548,6 +558,9 @@ Authors:
%if ! %{with_polkit} %if ! %{with_polkit}
%define _without_polkit --without-polkit %define _without_polkit --without-polkit
%endif %endif
%if ! %{with_audit}
%define _without_audit --without-audit
%endif
%if ! %{with_network} %if ! %{with_network}
%define _without_network --without-network %define _without_network --without-network
%endif %endif
@ -591,6 +604,7 @@ export CFLAGS="$RPM_OPT_FLAGS"
%{?_without_yajl} \ %{?_without_yajl} \
%{?_without_macvtap} \ %{?_without_macvtap} \
%{?_without_polkit} \ %{?_without_polkit} \
%{?_without_audit} \
%{?_without_network} \ %{?_without_network} \
%{?_without_sasl} \ %{?_without_sasl} \
%{?_without_python} \ %{?_without_python} \
@ -694,6 +708,15 @@ then
> %{_sysconfdir}/libvirt/qemu/networks/default.xml > %{_sysconfdir}/libvirt/qemu/networks/default.xml
fi fi
%endif %endif
# Create qemu user:group if necessary
if test "%{qemu_user}" = "qemu"; then
%{_bindir}/getent group qemu >/dev/null || \
%{_sbindir}/groupadd -r qemu 2>/dev/null
%{_bindir}/getent group kvm >/dev/null && group_opts="-G kvm"
%{_bindir}/getent passwd qemu >/dev/null || \
%{_sbindir}/useradd -r -g qemu $group_opts -d / -s /sbin/nologin \
-c "qemu user" qemu
fi
%if 0%{?sles_version} %if 0%{?sles_version}
%{fillup_and_insserv -y libvirtd} %{fillup_and_insserv -y libvirtd}
%else %else
@ -719,7 +742,6 @@ fi
%postun client -p /sbin/ldconfig %postun client -p /sbin/ldconfig
%if %{with_libvirtd} %if %{with_libvirtd}
%files %files
%defattr(-, root, root) %defattr(-, root, root)
%{_sbindir}/libvirtd %{_sbindir}/libvirtd
@ -837,7 +859,6 @@ fi
%doc %{_docdir}/%{name}/html %doc %{_docdir}/%{name}/html
%if %{with_python} %if %{with_python}
%files python %files python
%defattr(-, root, root) %defattr(-, root, root)
%doc %{_docdir}/%{name}-python %doc %{_docdir}/%{name}-python