Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
Peter Krempa 750280023c CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
Live definition was used to look up the disk index while persistent one
was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
correct def and report a nice error.

Unfortunately it's accessible via read-only connection, though it can
only crash libvirtd in the cases where the guest is hot-plugging disks
without reflecting those changes to the persistent definition.  So
avoiding hotplug, or doing hotplug where persistent is always modified
alongside live definition, will avoid the out-of-bounds access.

Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
Reported-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>

(cherry picked from commit 3e745e8f77)

Conflicts:
	src/qemu/qemu_driver.c - context due to fewer functions
2014-09-17 22:39:26 -06:00
.gnulib@bb2f5640d5 build: fix bootstrap on RHEL 2012-04-25 16:25:49 -06:00
daemon Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) 2013-09-18 21:10:27 -06:00
docs string: make VIR_STRDUP easier to use 2014-01-11 13:27:10 +01:00
examples Revert "Refactor the libvirt RPM daemon pieces" 2012-04-03 14:49:31 +08:00
gnulib build: fix fresh checkout on RHEL5 2012-04-19 17:11:43 -06:00
include blockjob: add new API flags 2012-04-23 07:44:29 -06:00
m4 build: allow building with newer glibc-headers and -O0 2013-09-18 16:50:56 -06:00
po Prepare for 0.9.12.3 2014-01-16 10:50:23 +01:00
python Coverity: Fix the forward_null error in Python binding codes 2012-05-04 10:23:57 +08:00
src CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk 2014-09-17 22:39:26 -06:00
tests string: test VIR_STRDUP 2014-01-11 13:28:17 +01:00
tools build: use proper pod for nested bulleted VIRSH_DEBUG list 2014-03-20 08:51:50 -06:00
.dir-locals.el maint: let emacs avoid tabs in rng files 2011-08-13 08:56:26 -06:00
.gitignore Introduce APIs for splitting/joining strings 2013-09-18 21:10:20 -06:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap maint: prune duplicate listings in AUTHORS 2012-02-03 09:56:45 -07:00
AUTHORS util: add functions for interating over json object 2012-05-03 09:07:25 -06:00
autobuild.sh Enable all warnings permanently & default to -Werror for GIT builds 2012-03-27 17:08:06 +01:00
autogen.sh build: allow for local gnulib diffs 2011-11-09 09:03:33 -07:00
bootstrap build: fix bootstrap on RHEL 2012-04-25 16:25:49 -06:00
bootstrap.conf build: fix bootstrap on RHEL 2012-04-25 16:25:49 -06:00
cfg.mk Introduce virReportError macro for general error reporting 2014-01-11 13:40:24 +01:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
configure.ac Prepare for 0.9.12.3 2014-01-16 10:50:23 +01:00
COPYING.LIB remove all trailing blank lines 2009-07-16 15:06:42 +02:00
HACKING string: make VIR_STRDUP easier to use 2014-01-11 13:27:10 +01:00
libvirt.pc.in Fix typos in API XML file paths 2012-02-15 11:29:38 +00:00
libvirt.spec.in Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 21:10:27 -06:00
Makefile.am maint: add missing copyright notices 2011-07-28 15:01:17 -06:00
Makefile.nonreentrant Ban use of all inet_* functions 2010-10-22 11:59:23 +01:00
mingw32-libvirt.spec.in Fix typos in API XML file paths 2012-02-15 11:29:38 +00:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aims at providing a
long term stable C API, initially for Xen paravirtualization, but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>