From b77317482326f31c796e16bda24c1eb344be2d21 Mon Sep 17 00:00:00 2001 Message-Id: From: =?UTF-8?q?J=C3=A1n=20Tomko?= Date: Tue, 18 Jun 2019 13:30:01 +0200 Subject: [PATCH] api: disallow virConnectGetDomainCapabilities on read-only connections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko Reviewed-by: Daniel P. Berrangé Signed-off-by: Ján Tomko Message-Id: Reviewed-by: Jiri Denemark --- src/libvirt-domain.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 3855dfe0dd..a1c913bd86 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -11279,6 +11279,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn, virResetLastError(); virCheckConnectReturn(conn, NULL); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectGetDomainCapabilities) { char *ret; -- 2.22.0