Add missing checks for read only connections

As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
  - virConnectDomainXMLToNative
  - virNodeDeviceDettach
  - virNodeDeviceReAttach
  - virNodeDeviceReset
  - virDomainRevertToSnapshot
  - virDomainSnapshotDelete

* src/libvirt.c: fix the above set of entry points to error on read-only
                 connections
This commit is contained in:
Guido Günther 2011-03-14 10:56:28 +08:00 committed by Daniel Veillard
parent 13c00dde31
commit 71753cb7f7

View File

@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
virDispatchError(NULL); virDispatchError(NULL);
return NULL; return NULL;
} }
if (conn->flags & VIR_CONNECT_RO) {
virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
goto error;
}
if (nativeFormat == NULL || domainXml == NULL) { if (nativeFormat == NULL || domainXml == NULL) {
virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__); virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
return -1; return -1;
} }
if (dev->conn->flags & VIR_CONNECT_RO) {
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
goto error;
}
if (dev->conn->driver->nodeDeviceDettach) { if (dev->conn->driver->nodeDeviceDettach) {
int ret; int ret;
ret = dev->conn->driver->nodeDeviceDettach (dev); ret = dev->conn->driver->nodeDeviceDettach (dev);
@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
return -1; return -1;
} }
if (dev->conn->flags & VIR_CONNECT_RO) {
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
goto error;
}
if (dev->conn->driver->nodeDeviceReAttach) { if (dev->conn->driver->nodeDeviceReAttach) {
int ret; int ret;
ret = dev->conn->driver->nodeDeviceReAttach (dev); ret = dev->conn->driver->nodeDeviceReAttach (dev);
@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
return -1; return -1;
} }
if (dev->conn->flags & VIR_CONNECT_RO) {
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
goto error;
}
if (dev->conn->driver->nodeDeviceReset) { if (dev->conn->driver->nodeDeviceReset) {
int ret; int ret;
ret = dev->conn->driver->nodeDeviceReset (dev); ret = dev->conn->driver->nodeDeviceReset (dev);
@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
} }
conn = snapshot->domain->conn; conn = snapshot->domain->conn;
if (conn->flags & VIR_CONNECT_RO) {
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
goto error;
}
if (conn->driver->domainRevertToSnapshot) { if (conn->driver->domainRevertToSnapshot) {
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags); int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
} }
conn = snapshot->domain->conn; conn = snapshot->domain->conn;
if (conn->flags & VIR_CONNECT_RO) {
virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
goto error;
}
if (conn->driver->domainSnapshotDelete) { if (conn->driver->domainSnapshotDelete) {
int ret = conn->driver->domainSnapshotDelete(snapshot, flags); int ret = conn->driver->domainSnapshotDelete(snapshot, flags);