[libvirt] [PATCH] Error out on missing machine type in machine configs

Commit f1a89a8 allowed parsing configs from /etc/libvirt without validating the emulator capabilities. Check for the presence of os->type.machine even if the VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set, otherwise the daemon can crash on carelessly crafted input in the config directory. https://bugzilla.redhat.com/show_bug.cgi?id=1267256 --- src/conf/domain_conf.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 67415fa..5d3fed0 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14841,6 +14841,12 @@ virDomainDefParseXML(xmlDocPtr xml, goto error; } VIR_FREE(capsdata); + } else { + if (!def->os.machine) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Missing machine type")); + goto error; + } } /* Extract domain name */ -- 2.4.10
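Review bot: the new else branch rejects every definition whose def->os.machine is unset, and nothing in the added lines limits that to virt types that actually need a machine type. Per the commit message this path covers configs loaded with VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS, so a config that has no machine type now fails to load with "Missing machine type"; a later reply in this thread reports exactly that for two lxc domains. Consider making the check conditional on the virt type, or moving the NULL check to the code that dereferences os.machine. Separately, since the trigger is bad input in a config file rather than an internal fault, VIR_ERR_XML_ERROR would fit better than VIR_ERR_INTERNAL_ERROR.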

On 02/11/2016 07:07 AM, Ján Tomko wrote:
Commit f1a89a8 allowed parsing configs from /etc/libvirt without validating the emulator capabilities.
Check for the presence of os->type.machine even if the VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set, otherwise the daemon can crash on carelessly crafted input in the config directory.
https://bugzilla.redhat.com/show_bug.cgi?id=1267256 --- src/conf/domain_conf.c | 6 ++++++ 1 file changed, 6 insertions(+)
ACK

John

On 02/11/2016 07:07 AM, Ján Tomko wrote:
Commit f1a89a8 allowed parsing configs from /etc/libvirt without validating the emulator capabilities.
Check for the presence of os->type.machine even if the VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set, otherwise the daemon can crash on carelessly crafted input in the config directory.
https://bugzilla.redhat.com/show_bug.cgi?id=1267256 --- src/conf/domain_conf.c | 6 ++++++ 1 file changed, 6 insertions(+)
Upon further review...

I recently was running my libvirtd in debug and saw the following:

2016-02-24 12:29:00.920+0000: 19016: error : virDomainDefParseXML:14857 : internal error: Missing machine type
2016-02-24 12:29:00.920+0000: 19016: error : virDomainDefParseXML:14857 : internal error: Missing machine type

After a short amount of digging I found that my two lxc sample domains were now "lost".

I think this needs to be reverted.

John
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 67415fa..5d3fed0 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14841,6 +14841,12 @@ virDomainDefParseXML(xmlDocPtr xml, goto error; } VIR_FREE(capsdata); + } else { + if (!def->os.machine) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Missing machine type")); + goto error; + } }
/* Extract domain name */

On Wed, Feb 24, 2016 at 02:08:41PM -0500, John Ferlan wrote:
On 02/11/2016 07:07 AM, Ján Tomko wrote:
Commit f1a89a8 allowed parsing configs from /etc/libvirt without validating the emulator capabilities.
Check for the presence of os->type.machine even if the VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set, otherwise the daemon can crash on carelessly crafted input in the config directory.
https://bugzilla.redhat.com/show_bug.cgi?id=1267256 --- src/conf/domain_conf.c | 6 ++++++ 1 file changed, 6 insertions(+)
Upon further review... I recently was running my libvirtd in debug and saw the following:
2016-02-24 12:29:00.920+0000: 19016: error : virDomainDefParseXML:14857 : internal error: Missing machine type
2016-02-24 12:29:00.920+0000: 19016: error : virDomainDefParseXML:14857 : internal error: Missing machine type
After a short amount of digging I found that my two lxc sample domains were now "lost".
I think this needs to be reverted.
That seems to be the best solution for this release.

Patch sent:
https://www.redhat.com/archives/libvir-list/2016-February/msg01248.html

Jan
participants (2)
- John Ferlan
- Ján Tomko