External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-18 10:35:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

api: disallow virDomainManagedSaveDefineXML on read-only connections

Browse Source 
The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.

Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Ján Tomko 2019-06-14 09:14:53 +02:00
parent 8cf159fed4
commit e7d9c8899f
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/libvirt-domain.c
View File

@ -9421,6 +9421,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml,
virCheckDomainReturn(domain, -1); virCheckDomainReturn(domain, -1);
conn = domain->conn; conn = domain->conn;
virCheckReadOnlyGoto(conn->flags, error);
if (conn->driver->domainManagedSaveDefineXML) { if (conn->driver->domainManagedSaveDefineXML) {
int ret; int ret;