diff options
| author |   takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-10-22 14:58:56 +0900 |
|---|---|---|
| committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-10-22 14:58:56 +0900 |
| commit | 4204309872da5cb401cbb2729d9e2d4869a87f42 (patch) | |
| tree | c7415e8600205e40ff7e91e8e5f4c411f30329f2 /external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch | |
| parent | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (diff) | |
agl-basesystem 0.1sandbox/ToshikazuOhiwa/master
Diffstat (limited to 'external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch')
| -rw-r--r-- | external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch new file mode 100644 index 00000000..118ece4c --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch @@ -0,0 +1,99 @@ +From 3352c8af264a7b9b741208790ecca0bbc6733f42 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> +Date: Fri, 14 Jun 2019 08:47:42 +0200 +Subject: [PATCH 08/11] api: disallow virDomainSaveImageGetXMLDesc on read-only + connections +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The virDomainSaveImageGetXMLDesc API is taking a path parameter, +which can point to any path on the system. This file will then be +read and parsed by libvirtd running with root privileges. + +Forbid it on read-only connections. + +Fixes: CVE-2019-10161 +Reported-by: Matthias Gerstner <mgerstner@suse.de> +Signed-off-by: Ján Tomko <jtomko@redhat.com> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit aed6a032cead4386472afb24b16196579e239580) +Signed-off-by: Ján Tomko <jtomko@redhat.com> + +Conflicts: + src/libvirt-domain.c + src/remote/remote_protocol.x + +Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE +alias for VIR_DOMAIN_XML_SECURE is not backported. +Just skip the commit since we now disallow the whole API on read-only +connections, regardless of the flag. + +Signed-off-by: Ján Tomko <jtomko@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2019-10161 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/libvirt-domain.c | 11 ++--------- + src/qemu/qemu_driver.c | 2 +- + src/remote/remote_protocol.x | 3 +-- + 3 files changed, 4 insertions(+), 12 deletions(-) + +Index: libvirt-4.7.0/src/libvirt-domain.c +=================================================================== +--- libvirt-4.7.0.orig/src/libvirt-domain.c ++++ libvirt-4.7.0/src/libvirt-domain.c +@@ -1073,9 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn + * previously by virDomainSave() or virDomainSaveFlags(). + * + * No security-sensitive data will be included unless @flags contains +- * VIR_DOMAIN_XML_SECURE; this flag is rejected on read-only +- * connections. For this API, @flags should not contain either +- * VIR_DOMAIN_XML_INACTIVE or VIR_DOMAIN_XML_UPDATE_CPU. ++ * VIR_DOMAIN_XML_SECURE. + * + * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of + * error. The caller must free() the returned value. +@@ -1091,12 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectP + + virCheckConnectReturn(conn, NULL); + virCheckNonNullArgGoto(file, error); +- +- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { +- virReportError(VIR_ERR_OPERATION_DENIED, "%s", +- _("virDomainSaveImageGetXMLDesc with secure flag")); +- goto error; +- } ++ virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->domainSaveImageGetXMLDesc) { + char *ret; +Index: libvirt-4.7.0/src/qemu/qemu_driver.c +=================================================================== +--- libvirt-4.7.0.orig/src/qemu/qemu_driver.c ++++ libvirt-4.7.0/src/qemu/qemu_driver.c +@@ -6791,7 +6791,7 @@ qemuDomainSaveImageGetXMLDesc(virConnect + if (fd < 0) + goto cleanup; + +- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0) ++ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) + goto cleanup; + + ret = qemuDomainDefFormatXML(driver, def, flags); +Index: libvirt-4.7.0/src/remote/remote_protocol.x +=================================================================== +--- libvirt-4.7.0.orig/src/remote/remote_protocol.x ++++ libvirt-4.7.0/src/remote/remote_protocol.x +@@ -5226,8 +5226,7 @@ enum remote_procedure { + /** + * @generate: both + * @priority: high +- * @acl: domain:read +- * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE ++ * @acl: domain:write + */ + REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235, + |