CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots

author Peter Krempa <pkrempa@redhat.com>

Tue, 20 Jan 2015 16:01:01 +0000 (17:01 +0100)

committer Eric Blake <eblake@redhat.com>

Thu, 22 Jan 2015 21:10:39 +0000 (14:10 -0700)
author Peter Krempa <pkrempa@redhat.com>
Tue, 20 Jan 2015 16:01:01 +0000 (17:01 +0100)
committer Eric Blake <eblake@redhat.com>
Thu, 22 Jan 2015 21:10:39 +0000 (14:10 -0700)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c

index 1b71e68fd128f1d4e090145ddd275786e6c6f47e..0a124583deb01457a1711d39efebb519823cc053 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -12958,7 +12958,7 @@ static char *qemuDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
      if (!(vm = qemuDomObjFromSnapshot(snapshot)))
          goto cleanup;
  
-    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def) < 0)
+    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def, flags) < 0)
          goto cleanup;
  
      if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x

index 5658743ea6e81b663c4a744fb50bed8b0abf1475..2e56bedff7a8f5d75dc96e5b382c2c2a82bcc517 100644 (file)
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -4146,6 +4146,7 @@ enum remote_procedure {
       * @generate: both
       * @priority: high
       * @acl: domain:read
+     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
       */
      REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186,
author	Peter Krempa <pkrempa@redhat.com>
	Tue, 20 Jan 2015 16:01:01 +0000 (17:01 +0100)
committer	Eric Blake <eblake@redhat.com>
	Thu, 22 Jan 2015 21:10:39 +0000 (14:10 -0700)
src/qemu/qemu_driver.c		patch \| blob \| blame \| history
src/remote/remote_protocol.x		patch \| blob \| blame \| history