author: Ján Tomko <jtomko@redhat.com> 2019-06-14 09:14:53 +0200
committer: Ján Tomko <jtomko@redhat.com> 2019-06-24 09:56:07 +0200
commit: 00e673c93fc3d0cfed274cc7a1ec2c52260c8262 (patch)
tree: 3e61956b8cd517fe547953502b6ea641911937b9
parent: a27659643b8ae9b26b52fc857cdc5b301184e26e (diff)
api: disallow virDomainManagedSaveDefineXML on read-only connections
The virDomainManagedSaveDefineXML can be used to alter the domain's config used for managedsave or even execute arbitrary emulator binaries. Forbid it on read-only connections.

Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
-rw-r--r-- src/libvirt-domain.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 270e10e857..5c764aa7e2 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -9482,6 +9482,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml,
virCheckDomainReturn(domain, -1);
conn = domain->conn;
+ virCheckReadOnlyGoto(conn->flags, error);
if (conn->driver->domainManagedSaveDefineXML) {
int ret;
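Review bot: The added virCheckReadOnlyGoto(conn->flags, error) jumps to an error label that is outside the visible context, so please confirm that path returns -1 and dispatches the error the same way as the other failure paths in virDomainManagedSaveDefineXML. Since the commit message ties this line to CVE-2019-10166, a regression test that calls the API on a read-only connection and expects it to fail would guard against the check being dropped in a later refactor, and the function's API documentation should say that the call is refused on read-only connections.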