From: Ján Tomko <jtomko@redhat.com>
Date: Fri, 18 Sep 2020 15:44:56 +0000 (+0200)
Subject: rpc: gendispatch: handle empty flags
X-Git-Tag: v6.8.0~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=955029bd0ad7ef96000f529ac38204a8f4a96401;p=thirdparty%2Flibvirt.git

rpc: gendispatch: handle empty flags

CVE-2020-25637

Prepare for omission of the <flagname> in remote_protocol.x
@acl annotations:
 @acl: <object>:<permission>:<flagname>
so that we can add more fields after, e.g.:
 @acl: <object>:<permission>::<field>

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---

diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index 0b2ae59910..6feb1c8320 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -2119,7 +2119,7 @@ elsif ($mode eq "client") {
                 if ($acl[$i]->{object} ne $acl[0]->{object}) {
                     die "acl for '$call->{ProcName}' cannot check different objects";
                 }
-                if (defined $acl[$i]->{flags}) {
+                if (defined $acl[$i]->{flags} && length $acl[$i]->{flags}) {
                     $checkflags = 1;
                 }
             }
@@ -2207,7 +2207,7 @@ elsif ($mode eq "client") {
                     my $method = "virAccessManagerCheck" . $object;
                     my $space = ' ' x length($method);
                     print "    if (";
-                    if (defined $acl->{flags}) {
+                    if (defined $acl->{flags} && length $acl->{flags}) {
                         my $flags = $acl->{flags};
                         if ($flags =~ /^\!/) {
                             $flags = substr $flags, 1;