From c97b296cf8b336ed1a3260af8c8bd79746cb2971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A1n=20Tomko?= Date: Fri, 14 Jun 2019 09:16:14 +0200 Subject: [PATCH] api: disallow virConnectGetDomainCapabilities on read-only connections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko Reviewed-by: Daniel P. Berrangé (cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26) Signed-off-by: Ján Tomko --- src/libvirt-domain.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 21c234ecc9..d36aa6b902 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -11314,6 +11314,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn, virResetLastError(); virCheckConnectReturn(conn, NULL); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectGetDomainCapabilities) { char *ret;