mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-08-28 03:21:19 +00:00
api: disallow virDomainGetHostname for read-only connections
The virDomainGetHostname API is fetching guest information and this may involve use of an untrusted guest agent. As such its use must be forbidden on a read-only connection to libvirt. Fixes CVE-2019-3886 Reviewed-by: Jim Fehlig <jfehlig@suse.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
ec59a95a2c
commit
2a07c990bd
@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
|
|||||||
virCheckDomainReturn(domain, NULL);
|
virCheckDomainReturn(domain, NULL);
|
||||||
conn = domain->conn;
|
conn = domain->conn;
|
||||||
|
|
||||||
|
virCheckReadOnlyGoto(domain->conn->flags, error);
|
||||||
|
|
||||||
if (conn->driver->domainGetHostname) {
|
if (conn->driver->domainGetHostname) {
|
||||||
char *ret;
|
char *ret;
|
||||||
ret = conn->driver->domainGetHostname(domain, flags);
|
ret = conn->driver->domainGetHostname(domain, flags);
|
||||||
|
Loading…
Reference in New Issue
Block a user