forked from pool/libvirt
6595490957
Fix for CVE-2017-1000256. - qemu: ensure TLS clients always verify the server certificate CVE-2017-1000256 bsc#1062563 OBS-URL: https://build.opensuse.org/request/show/534320 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=631
68 lines
3.4 KiB
Diff
68 lines
3.4 KiB
Diff
commit 441d3eb6d1be940a67ce45a286602a967601b157
|
|
Author: Daniel P. Berrange <berrange@redhat.com>
|
|
Date: Thu Oct 5 17:54:28 2017 +0100
|
|
|
|
qemu: ensure TLS clients always verify the server certificate
|
|
|
|
The default_tls_x509_verify (and related) parameters in qemu.conf
|
|
control whether the QEMU TLS servers request & verify certificates
|
|
from clients. This works as a simple access control system for
|
|
servers by requiring the CA to issue certs to permitted clients.
|
|
This use of client certificates is disabled by default, since it
|
|
requires extra work to issue client certificates.
|
|
|
|
Unfortunately the code was using this configuration parameter when
|
|
setting up both TLS clients and servers in QEMU. The result was that
|
|
TLS clients for character devices and disk devices had verification
|
|
turned off, meaning they would ignore errors while validating the
|
|
server certificate.
|
|
|
|
This allows for trivial MITM attacks between client and server,
|
|
as any certificate returned by the attacker will be accepted by
|
|
the client.
|
|
|
|
This is assigned CVE-2017-1000256 / LSN-2017-0002
|
|
|
|
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
|
Index: libvirt-3.8.0/src/qemu/qemu_command.c
|
|
===================================================================
|
|
--- libvirt-3.8.0.orig/src/qemu/qemu_command.c
|
|
+++ libvirt-3.8.0/src/qemu/qemu_command.c
|
|
@@ -721,7 +721,7 @@ qemuBuildTLSx509BackendProps(const char
|
|
if (virJSONValueObjectCreate(propsret,
|
|
"s:dir", path,
|
|
"s:endpoint", (isListen ? "server": "client"),
|
|
- "b:verify-peer", verifypeer,
|
|
+ "b:verify-peer", (isListen ? verifypeer : true),
|
|
NULL) < 0)
|
|
goto cleanup;
|
|
|
|
Index: libvirt-3.8.0/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
|
|
===================================================================
|
|
--- libvirt-3.8.0.orig/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
|
|
+++ libvirt-3.8.0/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
|
|
@@ -26,7 +26,7 @@ server,nowait \
|
|
localport=1111 \
|
|
-device isa-serial,chardev=charserial0,id=serial0 \
|
|
-object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
|
|
-endpoint=client,verify-peer=no \
|
|
+endpoint=client,verify-peer=yes \
|
|
-chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
|
|
tls-creds=objcharserial1_tls0 \
|
|
-device isa-serial,chardev=charserial1,id=serial1 \
|
|
Index: libvirt-3.8.0/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
|
|
===================================================================
|
|
--- libvirt-3.8.0.orig/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
|
|
+++ libvirt-3.8.0/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
|
|
@@ -31,7 +31,7 @@ localport=1111 \
|
|
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
|
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
|
-object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
|
|
-endpoint=client,verify-peer=no,passwordid=charserial1-secret0 \
|
|
+endpoint=client,verify-peer=yes,passwordid=charserial1-secret0 \
|
|
-chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
|
|
tls-creds=objcharserial1_tls0 \
|
|
-device isa-serial,chardev=charserial1,id=serial1 \
|