[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, master, updated. debian/1.1.0-4
Guido Günther
agx at sigxcpu.org
Sat Jul 20 09:44:19 UTC 2013
The following commit has been merged in the master branch:
commit 85b5fdafe6b45ae8a3e0e988cdc1321559a91e2c
Author: Guido Günther <agx at sigxcpu.org>
Date: Sat Jul 20 09:58:12 2013 +0200
CVE-2013-4154: qemu: Prevent crash of libvirtd without guest agent configuration
Thanks: Alex Jia
Closes: #717355
diff --git a/debian/patches/CVE-2013-4154-qemu-Prevent-crash-of-libvirtd-without.patch b/debian/patches/CVE-2013-4154-qemu-Prevent-crash-of-libvirtd-without.patch
new file mode 100644
index 0000000..072cdd0
--- /dev/null
+++ b/debian/patches/CVE-2013-4154-qemu-Prevent-crash-of-libvirtd-without.patch
@@ -0,0 +1,89 @@
+From: Alex Jia <ajia at redhat.com>
+Date: Tue, 16 Jul 2013 17:30:20 +0800
+Subject: CVE-2013-4154: qemu: Prevent crash of libvirtd without guest agent
+ configuration
+
+If users haven't configured guest agent then qemuAgentCommand() will
+dereference a NULL 'mon' pointer, which causes crash of libvirtd when
+using agent based cpu (un)plug.
+
+With the patch, when the qemu-ga service isn't running in the guest,
+a expected error "error: Guest agent is not responding: Guest agent
+not available for now" will be raised, and the error "error: argument
+unsupported: QEMU guest agent is not configured" is raised when the
+guest hasn't configured guest agent.
+
+GDB backtrace:
+
+ (gdb) bt
+ #0 virNetServerFatalSignal (sig=11, siginfo=<value optimized out>, context=<value optimized out>) at rpc/virnetserver.c:326
+ #1 <signal handler called>
+ #2 qemuAgentCommand (mon=0x0, cmd=0x7f39300017b0, reply=0x7f394b090910, seconds=-2) at qemu/qemu_agent.c:975
+ #3 0x00007f39429507f6 in qemuAgentGetVCPUs (mon=0x0, info=0x7f394b0909b8) at qemu/qemu_agent.c:1475
+ #4 0x00007f39429d9857 in qemuDomainGetVcpusFlags (dom=<value optimized out>, flags=9) at qemu/qemu_driver.c:4849
+ #5 0x00007f3957dffd8d in virDomainGetVcpusFlags (domain=0x7f39300009c0, flags=8) at libvirt.c:9843
+
+How to reproduce?
+
+ # To start a guest without guest agent configuration
+ # then run the following cmdline
+
+ # virsh vcpucount foobar --guest
+ error: End of file while reading data: Input/output error
+ error: One or more references were leaked after disconnect from the hypervisor
+ error: Failed to reconnect to the hypervisor
+
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=984821
+
+Signed-off-by: Alex Jia <ajia at redhat.com>
+Signed-off-by: Peter Krempa <pkrempa at redhat.com>
+
+Closes: #717355
+---
+ src/qemu/qemu_driver.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 9d6160f..5ddd9af 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -3963,6 +3963,19 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+ goto endjob;
+ }
+
++ if (priv->agentError) {
++ virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s",
++ _("QEMU guest agent is not "
++ "available due to an error"));
++ goto endjob;
++ }
++
++ if (!priv->agent) {
++ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
++ _("QEMU guest agent is not configured"));
++ goto endjob;
++ }
++
+ qemuDomainObjEnterAgent(vm);
+ ncpuinfo = qemuAgentGetVCPUs(priv->agent, &cpuinfo);
+ qemuDomainObjExitAgent(vm);
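Review bot: the priv->agentError and !priv->agent checks added ahead of qemuDomainObjEnterAgent(vm) guard only this call site, while the backtrace in the commit message puts the fault inside qemuAgentCommand (frame #2, mon=0x0). Any other caller that passes priv->agent without the same guard can still hit the NULL dereference. The same block is repeated verbatim in the qemuDomainGetVcpusFlags hunk; putting both checks in one helper that calls virReportError and returns -1 would keep the two paths in sync and make the guard easy to apply to other agent entry points.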
+@@ -4685,6 +4698,19 @@ qemuDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
+ goto cleanup;
+
++ if (priv->agentError) {
++ virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s",
++ _("QEMU guest agent is not "
++ "available due to an error"));
++ goto endjob;
++ }
++
++ if (!priv->agent) {
++ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
++ _("QEMU guest agent is not configured"));
++ goto endjob;
++ }
++
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("domain is not running"));
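Review bot: in qemuDomainGetVcpusFlags the new agent checks sit before the existing "if (!virDomainObjIsActive(vm))" test, so if priv->agent is unset while the domain is stopped, the caller gets "QEMU guest agent is not configured" instead of "domain is not running". Moving the two agent checks below the active check would report the more accurate error. The visible context also does not show whether this block is limited to the agent-based query path; if it is not, ordinary vcpu count queries on guests without an agent would start failing with VIR_ERR_ARGUMENT_UNSUPPORTED, which is worth confirming against the full function.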
diff --git a/debian/patches/series b/debian/patches/series
index b9e2dad..f532ef6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@ Allow-xen-toolstack-to-find-it-s-binaries.patch
Create-directory-for-lease-files-if-it-s-missing.patch
Fix-crash-when-multiple-event-callbacks-were-registe.patch
CVE-2013-4153-qemu-Fix-double-free-of-returned-JSON-.patch
+CVE-2013-4154-qemu-Prevent-crash-of-libvirtd-without.patch
--
Libvirt Debian packaging