External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 20:45:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

api: disallow virDomainGetHostname for read-only connections

Browse Source 
The virDomainGetHostname API is fetching guest information and this may
involve use of an untrusted guest agent. As such its use must be
forbidden on a read-only connection to libvirt.

Fixes CVE-2019-3886
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2019-03-27 10:59:58 +00:00
parent ec59a95a2c
commit 2a07c990bd
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libvirt-domain.c
View File

@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
virCheckDomainReturn(domain, NULL);
conn = domain->conn;
virCheckReadOnlyGoto(domain->conn->flags, error);
if (conn->driver->domainGetHostname) {
char *ret;
ret = conn->driver->domainGetHostname(domain, flags);