From: Daniel P. Berrangé <berrange@redhat.com>
Date: Wed, 27 Mar 2019 10:59:58 +0000 (+0000)
Subject: api: disallow virDomainGetHostname for read-only connections
X-Git-Tag: v5.3.0-rc1~171
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a07c990bd9143d7a0fe8d1b6b7c763c52185240;p=thirdparty%2Flibvirt.git

api: disallow virDomainGetHostname for read-only connections

The virDomainGetHostname API is fetching guest information and this may
involve use of an untrusted guest agent. As such its use must be
forbidden on a read-only connection to libvirt.

Fixes CVE-2019-3886
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---

diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index be5b1f6740..baf21824fe 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
     virCheckDomainReturn(domain, NULL);
     conn = domain->conn;
 
+    virCheckReadOnlyGoto(domain->conn->flags, error);
+
     if (conn->driver->domainGetHostname) {
         char *ret;
         ret = conn->driver->domainGetHostname(domain, flags);