From 20a2fc74e717ca21e1a183b4e210872eb0c56be9 Mon Sep 17 00:00:00 2001 Message-Id: <20a2fc74e717ca21e1a183b4e210872eb0c56be9@dist-git> From: =?UTF-8?q?J=C3=A1n=20Tomko?= Date: Tue, 18 Jun 2019 13:30:00 +0200 Subject: [PATCH] api: disallow virDomainManagedSaveDefineXML on read-only connections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The virDomainManagedSaveDefineXML can be used to alter the domain's config used for managedsave or even execute arbitrary emulator binaries. Forbid it on read-only connections. Fixes: CVE-2019-10166 Reported-by: Matthias Gerstner Signed-off-by: Ján Tomko Reviewed-by: Daniel P. Berrangé Signed-off-by: Ján Tomko Message-Id: <352bf5e963a6482d426f97b0ef36ca019e69280b.1560857354.git.jtomko@redhat.com> Reviewed-by: Jiri Denemark --- src/libvirt-domain.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 697326ae9a..b936dd8eb7 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -9495,6 +9495,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml, virCheckDomainReturn(domain, -1); conn = domain->conn; + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->domainManagedSaveDefineXML) { int ret; -- 2.22.0