External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 11:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
c666661bbc
libvirt/src/rpc
History
Daniel P. Berrange e4cb850081 rpc: avoid ssh interpreting malicious hostname as arguments 
Inspired by the recent GIT / Mercurial security flaws
(http://blog.recurity-labs.com/2017-08-10/scm-vulns),
consider someone/something manages to feed libvirt a bogus
URI such as:

  virsh -c qemu+ssh://-oProxyCommand=gnome-calculator/system

In this case, the hosname "-oProxyCommand=gnome-calculator"
will get interpreted as an argument to ssh, not a hostname.
Fortunately, due to the set of args we have following the
hostname, SSH will then interpret our bit of shell script
that runs 'nc' on the remote host as a cipher name, which is
clearly invalid. This makes ssh exit during argv parsing and
so it never tries to run gnome-calculator.

We are lucky this time, but lets be more paranoid, by using
'--' to explicitly tell SSH when it has finished seeing
command line options. This forces it to interpret
"-oProxyCommand=gnome-calculator" as a hostname, and thus
see a fail from hostname lookup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-29 18:02:03 +01:00
..
gendispatch.pl rpc: improve error message for bounds check 2017-07-11 15:16:41 +01:00
genprotocol.pl
gensystemtap.pl
virkeepalive.c rpc: fix keep alive timer segfault 2017-04-24 12:19:13 +02:00
virkeepalive.h
virkeepaliveprotocol.x
virnetclient.c Introduce VIR_NET_STREAM_HOLE message type 2017-05-18 07:42:13 +02:00
virnetclient.h
virnetclientprogram.c rpc: first allocate the memory and then set the count 2017-06-12 19:11:30 -04:00
virnetclientprogram.h
virnetclientstream.c virNetClientStreamQueuePacket: Set st->incomingEOF on the end of stream 2017-06-07 18:00:25 +02:00
virnetclientstream.h Introduce virNetClientStreamRecvHole 2017-05-18 07:42:13 +02:00
virnetdaemon.c virNetDaemonCallInhibit: Call virNetDaemonGotInhibitReply properly 2017-08-01 11:37:51 +02:00
virnetdaemon.h
virnetlibsshsession.c
virnetlibsshsession.h
virnetmessage.c rpc: Double buffer size instead of quadrupling buffer size. 2017-05-26 13:53:31 +01:00
virnetmessage.h
virnetprotocol.x rpc: Bump maximum message size to 32M 2017-05-24 14:02:29 +02:00
virnetsaslcontext.c Ignore SASL deprecation warnings on OS-X 2017-04-19 10:51:51 +01:00
virnetsaslcontext.h
virnetserver.c refactoring: Use the return value of virObjectRef directly 2017-04-10 14:49:20 +02:00
virnetserver.h
virnetserverclient.c rpc: serverclient: Add option to suppress errors on EOF 2017-03-17 17:20:22 +01:00
virnetserverclient.h rpc: serverclient: Add option to suppress errors on EOF 2017-03-17 17:20:22 +01:00
virnetservermdns.c Use ATTRIBUTE_FALLTHROUGH 2017-06-12 19:11:30 -04:00
virnetservermdns.h
virnetserverprogram.c daemon: Introduce virNetServerProgramSendStreamHole 2017-05-18 07:42:13 +02:00
virnetserverprogram.h daemon: Introduce virNetServerProgramSendStreamHole 2017-05-18 07:42:13 +02:00
virnetserverservice.c rpc: Fix potentially segfaults 2017-02-12 15:02:42 -05:00
virnetserverservice.h
virnetsocket.c rpc: avoid ssh interpreting malicious hostname as arguments 2017-08-29 18:02:03 +01:00
virnetsocket.h Revert "Prevent more compiler optimization of mockable functions" 2017-07-13 13:07:06 +01:00
virnetsshsession.c
virnetsshsession.h
virnettlscontext.c Report what TLS priority string we use for a session 2017-03-16 11:03:33 +00:00
virnettlscontext.h