mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 15:15:25 +00:00
Add missing checks for read only connections
As pointed on CVE-2011-1146, some API forgot to check the read-only status of the connection for entry point which modify the state of the system or may lead to a remote execution using user data. The entry points concerned are: - virConnectDomainXMLToNative - virNodeDeviceDettach - virNodeDeviceReAttach - virNodeDeviceReset - virDomainRevertToSnapshot - virDomainSnapshotDelete * src/libvirt.c: fix the above set of entry points to error on read-only connections
This commit is contained in:
parent
13c00dde31
commit
71753cb7f7
@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
|
|||||||
virDispatchError(NULL);
|
virDispatchError(NULL);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
if (conn->flags & VIR_CONNECT_RO) {
|
||||||
|
virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
if (nativeFormat == NULL || domainXml == NULL) {
|
if (nativeFormat == NULL || domainXml == NULL) {
|
||||||
virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
|
virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
|
||||||
@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (dev->conn->flags & VIR_CONNECT_RO) {
|
||||||
|
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
if (dev->conn->driver->nodeDeviceDettach) {
|
if (dev->conn->driver->nodeDeviceDettach) {
|
||||||
int ret;
|
int ret;
|
||||||
ret = dev->conn->driver->nodeDeviceDettach (dev);
|
ret = dev->conn->driver->nodeDeviceDettach (dev);
|
||||||
@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (dev->conn->flags & VIR_CONNECT_RO) {
|
||||||
|
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
if (dev->conn->driver->nodeDeviceReAttach) {
|
if (dev->conn->driver->nodeDeviceReAttach) {
|
||||||
int ret;
|
int ret;
|
||||||
ret = dev->conn->driver->nodeDeviceReAttach (dev);
|
ret = dev->conn->driver->nodeDeviceReAttach (dev);
|
||||||
@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (dev->conn->flags & VIR_CONNECT_RO) {
|
||||||
|
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
if (dev->conn->driver->nodeDeviceReset) {
|
if (dev->conn->driver->nodeDeviceReset) {
|
||||||
int ret;
|
int ret;
|
||||||
ret = dev->conn->driver->nodeDeviceReset (dev);
|
ret = dev->conn->driver->nodeDeviceReset (dev);
|
||||||
@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
|
|||||||
}
|
}
|
||||||
|
|
||||||
conn = snapshot->domain->conn;
|
conn = snapshot->domain->conn;
|
||||||
|
if (conn->flags & VIR_CONNECT_RO) {
|
||||||
|
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
if (conn->driver->domainRevertToSnapshot) {
|
if (conn->driver->domainRevertToSnapshot) {
|
||||||
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
|
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
|
||||||
@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
|
|||||||
}
|
}
|
||||||
|
|
||||||
conn = snapshot->domain->conn;
|
conn = snapshot->domain->conn;
|
||||||
|
if (conn->flags & VIR_CONNECT_RO) {
|
||||||
|
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
if (conn->driver->domainSnapshotDelete) {
|
if (conn->driver->domainSnapshotDelete) {
|
||||||
int ret = conn->driver->domainSnapshotDelete(snapshot, flags);
|
int ret = conn->driver->domainSnapshotDelete(snapshot, flags);
|
||||||
|
Loading…
Reference in New Issue
Block a user