diff options
author | Martin Kletzander <mkletzan@redhat.com> | 2014-11-27 15:47:52 +0100 |
---|---|---|
committer | Martin Kletzander <mkletzan@redhat.com> | 2014-12-10 09:37:37 +0100 |
commit | 27431ec96e617f186bd3f5900aeb7d622770533a (patch) | |
tree | 57951d102625fae59378a49f0c51d858253a4f56 | |
parent | 6842f1480a9663c003cb92a38290dc79263a9e54 (diff) | |
download | libvirt-27431ec96e617f186bd3f5900aeb7d622770533a.tar.gz |
CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
When user doesn't have read access on one of the domains he requested,
the for loop could exit abruptly or continue and override pointer which
pointed to locked object.
This patch fixed two issues at once. One is that domflags might have
had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this
is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the
job was acquired and cleaning domflags on every start of the loop.
Second one is that the domain is kept locked when
virConnectGetAllDomainStatsCheckACL() fails and continues the loop when
it didn't end. Adding a simple virObjectUnlock() and clearing the
pointer ought to do.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 57023c0a3af4af1c547189c1f6712ed5edeb0c0b)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Conflicts:
src/qemu/qemu_driver.c -- GetAllDomainStats did not use jobs
before 1f4831ee
-rw-r--r-- | src/qemu/qemu_driver.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 291f490414..861f541de0 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -17368,8 +17368,11 @@ qemuConnectGetAllDomainStats(virConnectPtr conn, continue; if (!domlist && - !virConnectGetAllDomainStatsCheckACL(conn, dom->def)) + !virConnectGetAllDomainStatsCheckACL(conn, dom->def)) { + virObjectUnlock(dom); + dom = NULL; continue; + } if (qemuDomainGetStats(conn, dom, stats, &tmp, flags) < 0) goto cleanup; |