rpms / libvirt

Clone
Source Code
GIT

Blame SOURCES/libvirt-CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-info-from-save-image.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale
  1.   9119d9f85154a1890dd2d87418501291b6316f13
  2.   SOURCES
  3.   libvirt-CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-info-from-save-image.patch
Blob History Raw
9119d9 
From 9b1f9aae223e1633662858e6d2ceac2ed6d2d5c4 Mon Sep 17 00:00:00 2001
9119d9 
Message-Id: <9b1f9aae223e1633662858e6d2ceac2ed6d2d5c4@dist-git>
9119d9 
From: Peter Krempa <pkrempa@redhat.com>
9119d9 
Date: Wed, 21 Jan 2015 13:07:43 +0100
9119d9 
Subject: [PATCH] CVE-2015-0236: qemu: Check ACLs when dumping security info
9119d9 
 from save image
9119d9
9119d9 
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
9119d9 
appropriate permission for it.
9119d9
9119d9 
(Upstream ID not available yet.)
9119d9
9119d9 
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
9119d9 
---
9119d9 
 src/qemu/qemu_driver.c       | 2 +-
9119d9 
 src/remote/remote_protocol.x | 1 +
9119d9 
 2 files changed, 2 insertions(+), 1 deletion(-)
9119d9
9119d9 
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
9119d9 
index 1b08cc4..960bea6 100644
9119d9 
--- a/src/qemu/qemu_driver.c
9119d9 
+++ b/src/qemu/qemu_driver.c
9119d9 
@@ -6119,7 +6119,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
9119d9 
     if (fd < 0)
9119d9 
         goto cleanup;
9119d9
9119d9 
-    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
9119d9 
+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
9119d9 
         goto cleanup;
9119d9
9119d9 
     ret = qemuDomainDefFormatXML(driver, def, flags);
9119d9 
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
9119d9 
index 82f3902..1265060 100644
9119d9 
--- a/src/remote/remote_protocol.x
9119d9 
+++ b/src/remote/remote_protocol.x
9119d9 
@@ -4764,6 +4764,7 @@ enum remote_procedure {
9119d9 
      * @generate: both
9119d9 
      * @priority: high
9119d9 
      * @acl: domain:read
9119d9 
+     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
9119d9 
      */
9119d9 
     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
9119d9
9119d9 
--
9119d9 
2.2.1
9119d9

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation