packages/libvirt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!151 fix CVE-2022-0897 (openeuler !64)

Browse Source 
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
This commit is contained in:
openeuler-ci-bot 2022-06-20 09:23:33 +00:00 committed by Gitee
commit b20e825847
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libvirt.spec
View File

@ -101,7 +101,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 6.2.0
Release: 39
Release: 40
License: LGPLv2+
URL: https://libvirt.org/
@ -249,6 +249,7 @@ Patch0136: apparmor-Permit-new-capabilities-required-by-libvirt.patch
Patch0137: virsh-Display-vhostuser-socket-path-in-domblklist.patch
Patch0138: sw_64-Add-sw64-architecture-support.patch
Patch0139: src-workaround-warning-triggered-in-glib-2.69.patch
Patch0140: nwfilter-fix-crash-when-counting-number-of-network-f.patch
Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release}
@ -1983,6 +1984,9 @@ exit 0
%changelog
* Mon Jun 20 2022 yezengruan <yezengruan@huawei.com> - 6.2.0-40
- nwfilter: fix crash when counting number of network filters (CVE-2022-0897)
* Mon Jun 13 2022 yezengruan <yezengruan@huawei.com> - 6.2.0-39
- sw_64: Add sw64 architecture support
- src: workaround warning triggered in glib 2.69

54
nwfilter-fix-crash-when-counting-number-of-network-f.patch Normal file
View File

@ -0,0 +1,54 @@
From b67c839e409b4e49b69ffdab947af91791820411 Mon Sep 17 00:00:00 2001
From: AlexChen <alex.chen@huawei.com>
Date: Tue, 8 Mar 2022 17:28:38 +0000
Subject: [PATCH] nwfilter: fix crash when counting number of network filters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The virNWFilterObjListNumOfNWFilters method iterates over the
driver->nwfilters, accessing virNWFilterObj instances. As such
it needs to be protected against concurrent modification of
the driver->nwfilters object.
This API allows unprivileged users to connect, so users with
read-only access to libvirt can cause a denial of service
crash if they are able to race with a call of virNWFilterUndefine.
Since network filters are usually statically defined, this is
considered a low severity problem.
This is assigned CVE-2022-0897.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
cherry-picked from a4947e8f63c3e6
Signed-off-by: AlexChen <alex.chen@huawei.com>
---
src/nwfilter/nwfilter_driver.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 1c407727db..27500d192a 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -514,11 +514,15 @@ nwfilterLookupByName(virConnectPtr conn,
static int
nwfilterConnectNumOfNWFilters(virConnectPtr conn)
{
+ int ret;
if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
return -1;
- return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
- virConnectNumOfNWFiltersCheckACL);
+ nwfilterDriverLock();
+ ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
+ virConnectNumOfNWFiltersCheckACL);
+ nwfilterDriverUnlock();
+ return ret;
}
--
2.27.0