8:07 p.m.
Commit f1a89a8 allowed parsing configs from /etc/libvirt
without validating the emulator capabilities.
Check for the presence of os->type.machine even if the
VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set,
otherwise the daemon can crash on carelessly crafted input
in the config directory.
https://bugzilla.redhat.com/show_bug.cgi?id=1267256
---
src/conf/domain_conf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 67415fa..5d3fed0 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -14841,6 +14841,12 @@ virDomainDefParseXML(xmlDocPtr xml,
goto error;
}
VIR_FREE(capsdata);
+ } else {
+ if (!def->os.machine) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Missing machine type"));
+ goto error;
+ }
}
/* Extract domain name */
--
2.4.10
8:48 p.m.
On 02/11/2016 07:07 AM, Ján Tomko wrote:
Commit f1a89a8 allowed parsing configs from /etc/libvirt
without validating the emulator capabilities.
Check for the presence of os->type.machine even if the
VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set,
otherwise the daemon can crash on carelessly crafted input
in the config directory.
https://bugzilla.redhat.com/show_bug.cgi?id=1267256
---
src/conf/domain_conf.c | 6 ++++++
1 file changed, 6 insertions(+)
ACK
John
3:08 a.m.
On 02/11/2016 07:07 AM, Ján Tomko wrote:
Commit f1a89a8 allowed parsing configs from /etc/libvirt
without validating the emulator capabilities.
Check for the presence of os->type.machine even if the
VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set,
otherwise the daemon can crash on carelessly crafted input
in the config directory.
https://bugzilla.redhat.com/show_bug.cgi?id=1267256
---
src/conf/domain_conf.c | 6 ++++++
1 file changed, 6 insertions(+)
Upon further review... I recently was running my libvirtd in debug and
saw the following:
2016-02-24 12:29:00.920+0000: 19016: error : virDomainDefParseXML:14857
: internal error: Missing machine type
2016-02-24 12:29:00.920+0000: 19016: error : virDomainDefParseXML:14857
: internal error: Missing machine type
After a short amount of digging I found that my two lxc sample domains
were now "lost".
I think this needs to be reverted.
John
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 67415fa..5d3fed0 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -14841,6 +14841,12 @@ virDomainDefParseXML(xmlDocPtr xml,
goto error;
}
VIR_FREE(capsdata);
+ } else {
+ if (!def->os.machine) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Missing machine type"));
+ goto error;
+ }
}
/* Extract domain name */
8:25 p.m.
On Wed, Feb 24, 2016 at 02:08:41PM -0500, John Ferlan wrote:
On 02/11/2016 07:07 AM, Ján Tomko wrote:
> Commit f1a89a8 allowed parsing configs from /etc/libvirt
> without validating the emulator capabilities.
>
> Check for the presence of os->type.machine even if the
> VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set,
> otherwise the daemon can crash on carelessly crafted input
> in the config directory.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1267256
> ---
> src/conf/domain_conf.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
Upon further review... I recently was running my libvirtd in debug and
saw the following:
2016-02-24 12:29:00.920+0000: 19016: error : virDomainDefParseXML:14857
: internal error: Missing machine type
2016-02-24 12:29:00.920+0000: 19016: error : virDomainDefParseXML:14857
: internal error: Missing machine type
After a short amount of digging I found that my two lxc sample domains
were now "lost".
I think this needs to be reverted.
That seems to be the best solution for this release.
Patch sent:
https://www.redhat.com/archives/libvir-list/2016-February/msg01248.html
Jan
3117
days inactive
3131
days old
3 comments
2 participants
participants (2)
-
John Ferlan -
Ján Tomko