[PATCH] CVE-2011-1146

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
attached patch adds the missing checks for

https://bugzilla.redhat.com/show_bug.cgi?id=683650

O.k. to apply?
Cheers,
 -- Guido

>From 582e21051ea6d2521a64ed7db5ac162a25599c1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@xxxxxxxxxxx>
Date: Sat, 12 Mar 2011 22:47:45 +0100
Subject: [PATCH] Add missing checks for read only connections

CVE-2011-1146
---
 src/libvirt.c |   23 +++++++++++++++++++++++
 1 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/src/libvirt.c b/src/libvirt.c
index caa109d..be03e05 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -9748,6 +9748,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceDettach) {
         int ret;
         ret = dev->conn->driver->nodeDeviceDettach (dev);
@@ -9791,6 +9796,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceReAttach) {
         int ret;
         ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -9836,6 +9846,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceReset) {
         int ret;
         ret = dev->conn->driver->nodeDeviceReset (dev);
@@ -13131,6 +13146,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
     }
 
     conn = snapshot->domain->conn;
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (conn->driver->domainRevertToSnapshot) {
         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@@ -13177,6 +13196,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
     }
 
     conn = snapshot->domain->conn;
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (conn->driver->domainSnapshotDelete) {
         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);
-- 
1.7.4.1


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]