External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-24 21:45:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Avoid using stale data in virDomainGetBlockInfo

Browse Source 
CVE-2013-6458

Generally, every API that is going to begin a job should do that before
fetching data from vm->def. However, qemuDomainGetBlockInfo does not
know whether it will have to start a job or not before checking vm->def.
To avoid using disk alias that might have been freed while we were
waiting for a job, we use its copy. In case the disk was removed in the
meantime, we will fail with "cannot find statistics for device '...'"
error message.

(cherry picked from commit b799259583bd65c0b2f5042e6c3ff19637ade881)
This commit is contained in:
Jiri Denemark 2013-12-20 14:50:02 +01:00 committed by Eric Blake
parent 17db7e28a1
commit 54cb7f05ec
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/qemu/qemu_driver.c
View File

@ -9706,10 +9706,12 @@ cleanup:
} }
static int qemuDomainGetBlockInfo(virDomainPtr dom, static int
const char *path, qemuDomainGetBlockInfo(virDomainPtr dom,
virDomainBlockInfoPtr info, const char *path,
unsigned int flags) { virDomainBlockInfoPtr info,
unsigned int flags)
{
virQEMUDriverPtr driver = dom->conn->privateData; virQEMUDriverPtr driver = dom->conn->privateData;
virDomainObjPtr vm; virDomainObjPtr vm;
int ret = -1; int ret = -1;
@ -9721,6 +9723,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
int idx; int idx;
int format; int format;
virQEMUDriverConfigPtr cfg = NULL; virQEMUDriverConfigPtr cfg = NULL;
char *alias = NULL;
virCheckFlags(0, -1); virCheckFlags(0, -1);
@ -9827,13 +9830,16 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
virDomainObjIsActive(vm)) { virDomainObjIsActive(vm)) {
qemuDomainObjPrivatePtr priv = vm->privateData; qemuDomainObjPrivatePtr priv = vm->privateData;
if (VIR_STRDUP(alias, disk->info.alias) < 0)
goto cleanup;
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
goto cleanup; goto cleanup;
if (virDomainObjIsActive(vm)) { if (virDomainObjIsActive(vm)) {
qemuDomainObjEnterMonitor(driver, vm); qemuDomainObjEnterMonitor(driver, vm);
ret = qemuMonitorGetBlockExtent(priv->mon, ret = qemuMonitorGetBlockExtent(priv->mon,
disk->info.alias, alias,
&info->allocation); &info->allocation);
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
} else { } else {
@ -9847,6 +9853,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
} }
cleanup: cleanup:
VIR_FREE(alias);
virStorageFileFreeMetadata(meta); virStorageFileFreeMetadata(meta);
VIR_FORCE_CLOSE(fd); VIR_FORCE_CLOSE(fd);
if (vm) if (vm)