1. Patchew
  2. Libvirt
  3. [libvirt] [PATCH 0/2] Fix permissions checks for virDomainGetTime/Hostname
  4. View patch

[libvirt] [PATCH 1/2] api: disallow virDomainGetHostname for read-only connections

Daniel P. Berrangé posted 2 patches 6 years, 10 months ago
[libvirt] [PATCH 1/2] api: disallow virDomainGetHostname for read-only connections
Posted by Daniel P. Berrangé 6 years, 10 months ago 
The virDomainGetHostname API is fetching guest information and this may
involve use of an untrusted guest agent. As such its use must be
forbidden on a read-only connection to libvirt.

Fixes CVE-2019-3886
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/libvirt-domain.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index be5b1f6740..baf21824fe 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
     virCheckDomainReturn(domain, NULL);
     conn = domain->conn;
 
+    virCheckReadOnlyGoto(domain->conn->flags, error);
+
     if (conn->driver->domainGetHostname) {
         char *ret;
         ret = conn->driver->domainGetHostname(domain, flags);
-- 
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/2] api: disallow virDomainGetHostname for read-only connections
Posted by Jim Fehlig 6 years, 10 months ago 
On 4/3/19 8:00 AM, Daniel P. Berrangé wrote:
> The virDomainGetHostname API is fetching guest information and this may
> involve use of an untrusted guest agent. As such its use must be
> forbidden on a read-only connection to libvirt.
> 
> Fixes CVE-2019-3886
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   src/libvirt-domain.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> index be5b1f6740..baf21824fe 100644
> --- a/src/libvirt-domain.c
> +++ b/src/libvirt-domain.c
> @@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
>       virCheckDomainReturn(domain, NULL);
>       conn = domain->conn;
>   
> +    virCheckReadOnlyGoto(domain->conn->flags, error);
> +
>       if (conn->driver->domainGetHostname) {
>           char *ret;
>           ret = conn->driver->domainGetHostname(domain, flags);
> 

Heh, I thought this and 2/2 were pushed already :-).

Reviewed-by: Jim Fehlig <jfehlig@suse.com>

Regards,
Jim

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.