tools: ssh-proxy: Check for domain status before parsing its CID

Inactive domain XML can be wildly different to the live XML. For
instance, it can have VSOCK CID of that from another (running)
domain. Since domain status is not checked for, attempting to ssh
into an inactive domain may in fact result in opening a
connection to a different live domain that listens on said CID
currently.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/737
Resolves: https://issues.redhat.com/browse/RHEL-75577

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

diff --git a/tools/ssh-proxy/ssh-proxy.c b/tools/ssh-proxy/ssh-proxy.c
index e60c58d57fefdfb97b24eb95821d2ae87941939c..22daffeb63ed5fc7bd74b43ffb4af65cd637e647 100644 (file)
--- a/tools/ssh-proxy/ssh-proxy.c
+++ b/tools/ssh-proxy/ssh-proxy.c
@@ -194,7 +194,10 @@ lookupDomainAndFetchCID(const char *uri,
         if (virStrToLong_i(domname, NULL, 10, &id) >= 0)
             dom = virDomainLookupByID(conn, id);
     }
-    if (!dom)
+
+    /* If no domain is found, return an error. Similarly, inactive domain may
+     * contain CID of another (running) domain, yielding misleading results. */
+    if (!dom || virDomainIsActive(dom) <= 0)
         return -1;
 
     return extractCID(dom, cid);