CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots

The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. Found via code inspection while fixing permissions for save images. (cherry picked from commit b347c0c2)

CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. Found via code inspection while fixing permissions for save images. (cherry picked from commit b347c0c2)
7195a5fa · Peter Krempa · Eric Blake · 41358b7e · 7195a5fa · 7195a5fa
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

src/qemu/qemu_driver.c src/qemu/qemu_driver.c +1 -1

src/remote/remote_protocol.x src/remote/remote_protocol.x +1 -0

未找到文件。
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -14404,7 +14404,7 @@ qemuDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
    if (!(vm = qemuDomObjFromSnapshot(snapshot)))
        return NULL;

-    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def) < 0)
+    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def, flags) < 0)
        goto cleanup;

    if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))

--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -4480,6 +4480,7 @@ enum remote_procedure {
     * @generate: both
     * @priority: high
     * @acl: domain:read
+     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
     */
    REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186,