diff --git a/libvirt-read-only-checks.patch b/libvirt-read-only-checks.patch new file mode 100644 index 0000000..3981764 --- /dev/null +++ b/libvirt-read-only-checks.patch @@ -0,0 +1,95 @@ +From: Guido Günther +Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800) +Subject: Add missing checks for read only connections +X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad + +Add missing checks for read only connections + +As pointed on CVE-2011-1146, some API forgot to check the read-only +status of the connection for entry point which modify the state +of the system or may lead to a remote execution using user data. +The entry points concerned are: + - virConnectDomainXMLToNative + - virNodeDeviceDettach + - virNodeDeviceReAttach + - virNodeDeviceReset + - virDomainRevertToSnapshot + - virDomainSnapshotDelete + +* src/libvirt.c: fix the above set of entry points to error on read-only + connections +--- + +diff --git a/src/libvirt.c b/src/libvirt.c +index caa109d..713291f 100644 +--- a/src/libvirt.c ++++ b/src/libvirt.c +@@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn, + virDispatchError(NULL); + return NULL; + } ++ if (conn->flags & VIR_CONNECT_RO) { ++ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } + + if (nativeFormat == NULL || domainXml == NULL) { + virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__); +@@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev) + return -1; + } + ++ if (dev->conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } ++ + if (dev->conn->driver->nodeDeviceDettach) { + int ret; + ret = dev->conn->driver->nodeDeviceDettach (dev); +@@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev) + return -1; + } + ++ if (dev->conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } ++ + if (dev->conn->driver->nodeDeviceReAttach) { + int ret; + ret = dev->conn->driver->nodeDeviceReAttach (dev); +@@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev) + return -1; + } + ++ if (dev->conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } ++ + if (dev->conn->driver->nodeDeviceReset) { + int ret; + ret = dev->conn->driver->nodeDeviceReset (dev); +@@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, + } + + conn = snapshot->domain->conn; ++ if (conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } + + if (conn->driver->domainRevertToSnapshot) { + int ret = conn->driver->domainRevertToSnapshot(snapshot, flags); +@@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot, + } + + conn = snapshot->domain->conn; ++ if (conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } + + if (conn->driver->domainSnapshotDelete) { + int ret = conn->driver->domainSnapshotDelete(snapshot, flags); diff --git a/libvirt.spec b/libvirt.spec index 070af28..6a64c75 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -204,11 +204,12 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 0.8.8 -Release: 2%{?dist}%{?extra_release} +Release: 3%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz Patch1: %{name}-%{version}-kernel-boot-index.patch +Patch2: %{name}-read-only-checks.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root URL: http://libvirt.org/ BuildRequires: python-devel @@ -456,6 +457,7 @@ of recent versions of Linux (and other OSes). %prep %setup -q %patch1 -p1 +%patch2 -p1 %build %if ! %{with_xen} @@ -975,6 +977,10 @@ fi %endif %changelog +* Mon Mar 14 2011 Daniel Veillard - 0.8.8-3 +- fix a lack of API check on read-only connections +- CVE-2011-1146 + * Mon Feb 21 2011 Daniel P. Berrange - 0.8.8-2 - Fix kernel boot with latest QEMU