1. 11 12月, 2013 1 次提交
  2. 10 12月, 2013 1 次提交
  3. 18 10月, 2013 1 次提交
  4. 27 9月, 2013 1 次提交
    • D
      Fix crash in libvirtd when events are registered & ACLs active · 8294aa0c
      Daniel P. Berrange 提交于
      When a client disconnects from libvirtd, all event callbacks
      must be removed. This involves running the public API
      
        virConnectDomainEventDeregisterAny
      
      This code does not run in normal API dispatch context, so no
      identity was set. The result was that the access control drivers
      denied the attempt to deregister callbacks. The callbacks thus
      continued to trigger after the client was free'd causing fairly
      predictable use of free memory & a crash.
      
      This can be triggered by any client with readonly access when
      the ACL drivers are active.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      8294aa0c
  5. 24 9月, 2013 1 次提交
  6. 20 9月, 2013 1 次提交
  7. 19 9月, 2013 1 次提交
    • D
      Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) · e7f400a1
      Daniel P. Berrange 提交于
      The 'stats' variable was not initialized to NULL, so if some
      early validation of the RPC call fails, it is possible to jump
      to the 'cleanup' label and VIR_FREE an uninitialized pointer.
      This is a security flaw, since the API can be called from a
      readonly connection which can trigger the validation checks.
      
      This was introduced in release v0.9.1 onwards by
      
        commit 158ba873
        Author: Daniel P. Berrange <berrange@redhat.com>
        Date:   Wed Apr 13 16:21:35 2011 +0100
      
          Merge all returns paths from dispatcher into single path
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e7f400a1
  8. 18 9月, 2013 1 次提交
    • D
      Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) · 922b7fda
      Daniel P. Berrange 提交于
      With the existing pkcheck (pid, start time) tuple for identifying
      the process, there is a race condition, where a process can make
      a libvirt RPC call and in another thread exec a setuid application,
      causing it to change to effective UID 0. This in turn causes polkit
      to do its permission check based on the wrong UID.
      
      To address this, libvirt must get the UID the caller had at time
      of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
      triple to the pkcheck program.
      
      This fix requires that libvirt is re-built against a version of
      polkit that has the fix for its CVE-2013-4288, so that libvirt
      can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'
      Signed-off-by: NColin Walters <walters@redhat.com>
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      922b7fda
  9. 04 9月, 2013 1 次提交
  10. 29 8月, 2013 11 次提交
  11. 18 7月, 2013 2 次提交
  12. 10 7月, 2013 2 次提交
  13. 25 6月, 2013 1 次提交
  14. 31 5月, 2013 1 次提交
    • E
      build: cast [ug]id_t when printing · f43bb1dc
      Eric Blake 提交于
      This is a recurring problem for cygwin :)
      For example, see commit 23a4df88.
      
      qemu/qemu_driver.c: In function 'qemuStateInitialize':
      qemu/qemu_driver.c:691:13: error: format '%d' expects type 'int', but argument 8 has type 'uid_t' [-Wformat]
      
      * src/qemu/qemu_driver.c (qemuStateInitialize): Add casts.
      * daemon/remote.c (remoteDispatchAuthList): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      f43bb1dc
  15. 21 5月, 2013 1 次提交
  16. 16 5月, 2013 1 次提交
    • J
      daemon: fix leak after listing all volumes · ca697e90
      Ján Tomko 提交于
      CVE-2013-1962
      
      remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
      The pool also held a reference to the connection, preventing it from
      getting freed and closing the netcf interface driver, which held two
      sockets open.
      ca697e90
  17. 09 5月, 2013 1 次提交
  18. 08 5月, 2013 1 次提交
  19. 05 5月, 2013 1 次提交
  20. 03 5月, 2013 1 次提交
  21. 02 5月, 2013 1 次提交
    • M
      virutil: Move string related functions to virstring.c · 7c9a2d88
      Michal Privoznik 提交于
      The source code base needs to be adapted as well. Some files
      include virutil.h just for the string related functions (here,
      the include is substituted to match the new file), some include
      virutil.h without any need (here, the include is removed), and
      some require both.
      7c9a2d88
  22. 24 4月, 2013 2 次提交
  23. 18 4月, 2013 1 次提交
  24. 13 3月, 2013 1 次提交
    • D
      Remove hack using existance of an 'identity' string to disable auth · be27de6e
      Daniel P. Berrange 提交于
      Currently the server determines whether authentication of clients
      is complete, by checking whether an identity is set. This patch
      removes that lame hack and replaces it with an explicit method
      for changing the client auth code
      
      * daemon/remote.c: Update for new APis
      * src/libvirt_private.syms, src/rpc/virnetserverclient.c,
        src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity
        and virNetServerClientSetIdentity, adding a new method
        virNetServerClientSetAuth.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      be27de6e
  25. 23 2月, 2013 1 次提交
  26. 18 1月, 2013 1 次提交
  27. 16 1月, 2013 1 次提交