- 24 6月, 2019 4 次提交
-
-
由 Ján Tomko 提交于
These APIs can be used to execute arbitrary emulators. Forbid them on read-only connections. Fixes: CVE-2019-10168 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit bf6c2830) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68ba) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The virDomainManagedSaveDefineXML can be used to alter the domain's config used for managedsave or even execute arbitrary emulator binaries. Forbid it on read-only connections. Fixes: CVE-2019-10166 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit db0b7845) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: NJán Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 21 5月, 2019 3 次提交
-
-
由 Daniel P. Berrangé 提交于
The virtlogd daemon's only intended client is the libvirtd daemon. As such it should never allow clients from other user accounts to connect. The code already enforces this and drops clients from other UIDs, but we can get earlier (and thus stronger) protection against DoS by setting the socket permissions to 0600 Fixes CVE-2019-10132 Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit e37bd65f)
-
由 Daniel P. Berrangé 提交于
The virtlockd daemon's only intended client is the libvirtd daemon. As such it should never allow clients from other user accounts to connect. The code already enforces this and drops clients from other UIDs, but we can get earlier (and thus stronger) protection against DoS by setting the socket permissions to 0600 Fixes CVE-2019-10132 Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit f111e094)
-
由 Daniel P. Berrangé 提交于
The admin protocol RPC messages are only intended for use by the user running the daemon. As such they should not be allowed for any client UID that does not match the server UID. Fixes CVE-2019-10132 Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 96f41cd7)
-
- 06 8月, 2018 1 次提交
-
-
由 Daniel Veillard 提交于
* docs/news.xml: updated for release Signed-off-by: NDaniel Veillard <veillard@redhat.com>
-
- 03 8月, 2018 1 次提交
-
-
由 Matthias Bolte 提交于
Since commit ae83e02f#l3393 the newPowerInfo pointer itself is used to track the ownership of the AutoStartPowerInfo object to make Coverity understand the code better. This broke the code that unset some members of the AutoStartPowerInfo object that should not be freed the normal way. Instead, transfer ownership of the AutoStartPowerInfo object to the HostAutoStartManagerConfig object before filling in the values that need special handling. This allows to free the AutoStartPowerInfo directly without having to deal with the special values, or to let the old (now restored) logic handle the special values again. Signed-off-by: NMatthias Bolte <matthias.bolte@googlemail.com> Tested-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 02 8月, 2018 2 次提交
-
-
由 Daniel P. Berrangé 提交于
virRandomBits is implemented in terms of virRandomBytes. Although we mock virRandomBytes to give a stable value, this is not sufficient to make virRandomBits give a stable value. The result of virRandomBits will vary depending on endianness. Thus we mock virRandomBits to return a stable value directly. Reviewed-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Tested-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Julio Faracco 提交于
This commit fixes a segmentation fault caused by missing conditional to check if libxl configuration was properly created by the test. If the configuration was not properly created, libxlDriverConfigNew() function will return NULL and cause a segfault at cfg->caps = NULL during the cleanup. Signed-off-by: NJulio Faracco <jcfaracco@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 01 8月, 2018 7 次提交
-
-
由 Michal Privoznik 提交于
In virStorageBackendCreateIfaceIQN() the virRandomBits() is called in order to use random bits to generate random name for new interface. However, virAsprintf() is expecting 32 bits and we are requesting only 30. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NPino Toscano <ptoscano@redhat.com>
-
由 Michal Privoznik 提交于
The function is supposed to return up to 64bit long integer. In order to do that it calls virRandomBytes() to fill the integer with random bytes and then masks out everything but requested bits. However, when doing that it shifts 1U and not 1ULL. So effectively, requesting 32 random bis or more always return 0 which is not random enough. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NPino Toscano <ptoscano@redhat.com>
-
由 Peter Krempa 提交于
Explicitly call virJSONInitialize at startup of the libvirt daemon so that we are sure that the symbols in the compat library are properly loaded. This will prevent any random failure from happening later on when the daemon would want to use the JSON parser. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Jansson does not put a newline at the end of formatted JSON strings. This breaks the qemucapsprobe utility as we need to keep the spacing so that tests work. Add an explicit newline. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
commit 8d9ca6cd refactored qemuMonitorJSONBlockStatsCollectData so that the number of stats is passed back via a pointer. The commit failed to fix the macro which increments the number of stats to increment the actual pointee. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Daniel P. Berrangé 提交于
The jansson and json-glib libraries both export symbols with a json_ name prefix and json_object_iter_next() clashes between them. Unfortunately json-glib is linked in by GTK, so any app using GTK and libvirt will get a clash, resulting in SEGV. This also affects the NSS module provided by libvirt Instead of directly linking to jansson, use dlopen() with the RTLD_LOCAL flag which allows us to hide the symbols from the application that loads libvirt or the NSS module. Some preprocessor black magic and wrapper functions are used to redirect calls into the dlopen resolved symbols. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 31 7月, 2018 2 次提交
-
-
由 Daniel P. Berrangé 提交于
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Erik Skultety 提交于
Commit d48813e8 made sure we wouldn't get one for i440fx, but not for Q35 machine type. If the primary video didn't get the assumed 0:0:1.0 PCI address, the evaluation then failed with: "Cannot automatically add a new PCI bus for a device with connect flags 00" https://bugzilla.redhat.com/show_bug.cgi?id=1609087Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
- 30 7月, 2018 3 次提交
-
-
由 Michal Privoznik 提交于
This reverts commit 0f80c718. Turns out, our code relies on virCgroupFree(&var) setting var = NULL. Conflicts: src/util/vircgroup.c: context because 94f1855f is not reverted. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Michal Privoznik 提交于
This reverts commit 4da4a9fe. Turns out, our code relies on virCgroupFree(&var) setting var = NULL. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Michal Privoznik 提交于
This reverts commit dd47145a. Turns out, our code relies on virCgroupFree(&var) setting var = NULL. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
- 28 7月, 2018 3 次提交
-
-
由 Julio Faracco 提交于
After some recent patches, clang is throwing some errors related to unused variables. This is not happening when we use GCC with -Werror enabled. Only clang reports this warning. make[3]: Entering directory '/home/julio/Desktop/virt/libvirt/src' CC util/libvirt_util_la-virscsivhost.lo CC util/libvirt_util_la-virusb.lo CC util/libvirt_util_la-virmdev.lo util/virmdev.c:373:36: error: unused variable 'ret' [-Werror,-Wunused-variable] VIR_AUTOPTR(virMediatedDevice) ret = virMediatedDeviceListSteal(list, dev); ^ 1 error generated. Makefile:11579: recipe for target 'util/libvirt_util_la-virmdev.lo' failed make[3]: *** [util/libvirt_util_la-virmdev.lo] Error 1 make[3]: *** Waiting for unfinished jobs.... util/virscsivhost.c:112:37: error: unused variable 'tmp' [-Werror,-Wunused-variable] VIR_AUTOPTR(virSCSIVHostDevice) tmp = virSCSIVHostDeviceListSteal(list, dev); ^ 1 error generated. Makefile:11411: recipe for target 'util/libvirt_util_la-virscsivhost.lo' failed make[3]: *** [util/libvirt_util_la-virscsivhost.lo] Error 1 util/virusb.c:511:31: error: unused variable 'ret' [-Werror,-Wunused-variable] VIR_AUTOPTR(virUSBDevice) ret = virUSBDeviceListSteal(list, dev); Signed-off-by: NJulio Faracco <jcfaracco@gmail.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Cole Robinson 提交于
Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
So after 00dc991c the function is one line long and the line is declaring a variable which is never used in fact. Replace it with actual free() call instead of autofree. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 27 7月, 2018 14 次提交
-
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOPTR macro for declaring aggregate pointer variables, majority of the calls to *Free functions can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOPTR macro for declaring aggregate pointer variables, majority of the calls to *Free functions can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOPTR macro for declaring aggregate pointer variables, majority of the calls to *Free functions can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
Using the new VIR_DEFINE_AUTOPTR_FUNC macro defined in src/util/viralloc.h, define a new wrapper around an existing cleanup function which will be called when a variable declared with VIR_AUTOPTR macro goes out of scope. Also, drop the redundant viralloc.h include, since that has moved from the source module into the header. When a variable of type virNetDevVlanPtr is declared using VIR_AUTOPTR, the function virNetDevVlanFree will be run automatically on it when it goes out of scope. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOPTR macro for declaring aggregate pointer variables, majority of the calls to *Free functions can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
Using the new VIR_DEFINE_AUTOPTR_FUNC macro defined in src/util/viralloc.h, define a new wrapper around an existing cleanup function which will be called when a variable declared with VIR_AUTOPTR macro goes out of scope. Also, drop the redundant viralloc.h include, since that has moved from the source module into the header. When a variable of type virSCSIVHostDevicePtr is declared using VIR_AUTOPTR, the function virSCSIVHostDeviceFree will be run automatically on it when it goes out of scope. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOPTR macro for declaring aggregate pointer variables, majority of the calls to *Free functions can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Sukrit Bhatnagar 提交于
Using the new VIR_DEFINE_AUTOPTR_FUNC macro defined in src/util/viralloc.h, define a new wrapper around an existing cleanup function which will be called when a variable declared with VIR_AUTOPTR macro goes out of scope. Also, drop the redundant viralloc.h include, since that has moved from the source module into the header. When variables of type virSCSIDevicePtr and virUsedByInfoPtr are declared using VIR_AUTOPTR, the functions virSCSIDeviceFree and virSCSIDeviceUsedByInfoFree, respectively, will be run automatically on them when they go out of scope. This commit also adds an intermediate typedef for virUsedByInfo type for use with the cleanup macros. Signed-off-by: NSukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-