libvirt/nwfilter-fix-crash-when-counting-number-of-network-f.patch

From b67c839e409b4e49b69ffdab947af91791820411 Mon Sep 17 00:00:00 2001
From: AlexChen <alex.chen@huawei.com>
Date: Tue, 8 Mar 2022 17:28:38 +0000
Subject: [PATCH] nwfilter: fix crash when counting number of network filters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The virNWFilterObjListNumOfNWFilters method iterates over the
driver->nwfilters, accessing virNWFilterObj instances. As such
it needs to be protected against concurrent modification of
the driver->nwfilters object.

This API allows unprivileged users to connect, so users with
read-only access to libvirt can cause a denial of service
crash if they are able to race with a call of virNWFilterUndefine.
Since network filters are usually statically defined, this is
considered a low severity problem.

This is assigned CVE-2022-0897.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
cherry-picked from a4947e8f63c3e6
Signed-off-by: AlexChen <alex.chen@huawei.com>
---
 src/nwfilter/nwfilter_driver.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 1c407727db..27500d192a 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -514,11 +514,15 @@ nwfilterLookupByName(virConnectPtr conn,
 static int
 nwfilterConnectNumOfNWFilters(virConnectPtr conn)
 {
+    int ret;
     if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
         return -1;
 
-    return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
-                                        virConnectNumOfNWFiltersCheckACL);
+    nwfilterDriverLock();
+    ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
+                                           virConnectNumOfNWFiltersCheckACL);
+    nwfilterDriverUnlock();
+    return ret;
 }
 
 
-- 
2.27.0
fix CVE-2022-0897 (openeuler !66) nwfilter: fix crash when counting number of network filters (CVE-2022-0897) Signed-off-by: yezengruan <yezengruan@huawei.com> 2022-06-20 09:24:26 +08:00			`From b67c839e409b4e49b69ffdab947af91791820411 Mon Sep 17 00:00:00 2001`
			`From: AlexChen <alex.chen@huawei.com>`
			`Date: Tue, 8 Mar 2022 17:28:38 +0000`
			`Subject: [PATCH] nwfilter: fix crash when counting number of network filters`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`The virNWFilterObjListNumOfNWFilters method iterates over the`
			`driver->nwfilters, accessing virNWFilterObj instances. As such`
			`it needs to be protected against concurrent modification of`
			`the driver->nwfilters object.`

			`This API allows unprivileged users to connect, so users with`
			`read-only access to libvirt can cause a denial of service`
			`crash if they are able to race with a call of virNWFilterUndefine.`
			`Since network filters are usually statically defined, this is`
			`considered a low severity problem.`

			`This is assigned CVE-2022-0897.`

			`Reviewed-by: Eric Blake <eblake@redhat.com>`
			`Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>`
			`cherry-picked from a4947e8f63c3e6`
			`Signed-off-by: AlexChen <alex.chen@huawei.com>`
			`---`
			`src/nwfilter/nwfilter_driver.c \| 8 ++++++--`
			`1 file changed, 6 insertions(+), 2 deletions(-)`

			`diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c`
			`index 1c407727db..27500d192a 100644`
			`--- a/src/nwfilter/nwfilter_driver.c`
			`+++ b/src/nwfilter/nwfilter_driver.c`
			`@@ -514,11 +514,15 @@ nwfilterLookupByName(virConnectPtr conn,`
			`static int`
			`nwfilterConnectNumOfNWFilters(virConnectPtr conn)`
			`{`
			`+ int ret;`
			`if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)`
			`return -1;`

			`- return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,`
			`- virConnectNumOfNWFiltersCheckACL);`
			`+ nwfilterDriverLock();`
			`+ ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,`
			`+ virConnectNumOfNWFiltersCheckACL);`
			`+ nwfilterDriverUnlock();`
			`+ return ret;`
			`}`


			`--`
			`2.27.0`