rpms/libvirt/F-9 libvirt-0.5.1-read-only-checks.patch, NONE, 1.1 libvirt.spec, 1.96, 1.97
Daniel Veillard
veillard at fedoraproject.org
Wed Dec 17 16:40:07 UTC 2008
Author: veillard
Update of /cvs/pkgs/rpms/libvirt/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6023
Modified Files:
libvirt.spec
Added Files:
libvirt-0.5.1-read-only-checks.patch
Log Message:
fix missing read-only access checks, fixes CVE-2008-5086
daniel
libvirt-0.5.1-read-only-checks.patch:
--- NEW FILE libvirt-0.5.1-read-only-checks.patch ---
diff --git a/src/libvirt.c b/src/libvirt.c
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -2296,6 +2296,16 @@ virDomainMigrate (virDomainPtr domain,
conn = domain->conn; /* Source connection. */
if (!VIR_IS_CONNECT (dconn)) {
virLibConnError (conn, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return NULL;
+ }
+
+ if (domain->conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return NULL;
+ }
+ if (dconn->flags & VIR_CONNECT_RO) {
+ /* NB, delibrately report error against source object, not dest here */
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
return NULL;
}
@@ -2426,6 +2436,11 @@ virDomainMigratePrepare (virConnectPtr d
return -1;
}
+ if (dconn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return -1;
+ }
+
if (dconn->driver->domainMigratePrepare)
return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen,
uri_in, uri_out,
@@ -2457,6 +2472,11 @@ virDomainMigratePerform (virDomainPtr do
}
conn = domain->conn;
+ if (domain->conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return -1;
+ }
+
if (conn->driver->domainMigratePerform)
return conn->driver->domainMigratePerform (domain, cookie, cookielen,
uri,
@@ -2482,6 +2502,11 @@ virDomainMigrateFinish (virConnectPtr dc
if (!VIR_IS_CONNECT (dconn)) {
virLibConnError (NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return NULL;
+ }
+
+ if (dconn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
return NULL;
}
@@ -2517,6 +2542,11 @@ virDomainMigratePrepare2 (virConnectPtr
return -1;
}
+ if (dconn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return -1;
+ }
+
if (dconn->driver->domainMigratePrepare2)
return dconn->driver->domainMigratePrepare2 (dconn, cookie, cookielen,
uri_in, uri_out,
@@ -2547,6 +2577,11 @@ virDomainMigrateFinish2 (virConnectPtr d
return NULL;
}
+ if (dconn->flags & VIR_CONNECT_RO) {
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return NULL;
+ }
+
if (dconn->driver->domainMigrateFinish2)
return dconn->driver->domainMigrateFinish2 (dconn, dname,
cookie, cookielen,
@@ -2905,6 +2940,11 @@ virDomainBlockPeek (virDomainPtr dom,
}
conn = dom->conn;
+ if (dom->conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (-1);
+ }
+
if (!path) {
virLibDomainError (dom, VIR_ERR_INVALID_ARG,
_("path is NULL"));
@@ -2980,6 +3020,11 @@ virDomainMemoryPeek (virDomainPtr dom,
}
conn = dom->conn;
+ if (dom->conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (-1);
+ }
+
/* Flags must be VIR_MEMORY_VIRTUAL at the moment.
*
* Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is
@@ -3246,6 +3291,11 @@ virDomainSetAutostart(virDomainPtr domai
}
conn = domain->conn;
+
+ if (domain->conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (-1);
+ }
if (conn->driver->domainSetAutostart)
return conn->driver->domainSetAutostart (domain, autostart);
@@ -4197,6 +4247,11 @@ virNetworkSetAutostart(virNetworkPtr net
return (-1);
}
+ if (network->conn->flags & VIR_CONNECT_RO) {
+ virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (-1);
+ }
+
conn = network->conn;
if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
@@ -4395,6 +4450,11 @@ virConnectFindStoragePoolSources(virConn
return NULL;
}
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return NULL;
+ }
+
if (conn->storageDriver && conn->storageDriver->findPoolSources)
return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags);
@@ -5068,6 +5128,11 @@ virStoragePoolSetAutostart(virStoragePoo
return (-1);
}
+ if (pool->conn->flags & VIR_CONNECT_RO) {
+ virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (-1);
+ }
+
conn = pool->conn;
if (conn->storageDriver && conn->storageDriver->poolSetAutostart)
Index: libvirt.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libvirt/F-9/libvirt.spec,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- libvirt.spec 12 Dec 2008 07:39:23 -0000 1.96
+++ libvirt.spec 17 Dec 2008 16:39:37 -0000 1.97
@@ -35,11 +35,12 @@
Summary: Library providing a simple API virtualization
Name: libvirt
Version: 0.5.1
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+Patch0: libvirt-0.5.1-read-only-checks.patch
URL: http://libvirt.org/
BuildRequires: python python-devel
Requires: libxml2
@@ -163,6 +164,7 @@
%prep
%setup -q
+%patch0 -p1
%build
%if ! %{with_xen}
@@ -403,6 +405,9 @@
%endif
%changelog
+* Wed Dec 17 2008 Daniel Veillard <veillard at redhat.com> - 0.5.1-2.fc9
+- fix missing read-only access checks, fixes CVE-2008-5086
+
* Fri Dec 5 2008 Daniel Veillard <veillard at redhat.com> - 0.5.1-1.fc9
- upstream release 0.5.1
- mostly bugfixes e.g #473071
More information about the fedora-extras-commits
mailing list