]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 540872c)
CVE-2015-0236: qemu: Check ACLs when dumping security info from save image
authorPeter Krempa <pkrempa@redhat.com>
Tue, 20 Jan 2015 16:01:01 +0000 (17:01 +0100)
committerEric Blake <eblake@redhat.com>
Thu, 22 Jan 2015 21:10:39 +0000 (14:10 -0700)
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it.

(cherry picked from commit 03c3c0c874c84dfa51ef17556062b095c6e1c0a3)

src/qemu/qemu_driver.c patch | blob | blame | history
src/remote/remote_protocol.x patch | blob | blame | history

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 5a828ef7d481acdec4e92fbe9d7537e0e42fe998..1b71e68fd128f1d4e090145ddd275786e6c6f47e 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5295,7 +5295,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
     if (fd < 0)
         goto cleanup;
 
-    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
         goto cleanup;
 
     ret = qemuDomainDefFormatXML(driver, def, flags);
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index 55ffdd0fdffb2d724ee0bb4755821df025a9c4f2..5658743ea6e81b663c4a744fb50bed8b0abf1475 100644 (file)
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -4474,6 +4474,7 @@ enum remote_procedure {
      * @generate: both
      * @priority: high
      * @acl: domain:read
+     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
      */
     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
 
Mirror of https://github.com/libvirt/libvirt.git