| Upstream-Status: Backport |
| |
| Backport patch to fix CVE-2016-5008 from: |
| |
| https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf |
| |
| Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| --- |
| From f32441c69bf450d6ac593c3acd621c37e120cdaf Mon Sep 17 00:00:00 2001 |
| From: Jiri Denemark <jdenemar@redhat.com> |
| Date: Tue, 28 Jun 2016 14:39:58 +0200 |
| Subject: [PATCH] qemu: Let empty default VNC password work as documented |
| |
| CVE-2016-5008 |
| |
| Setting an empty graphics password is documented as a way to disable |
| VNC/SPICE access, but QEMU does not always behaves like that. VNC would |
| happily accept the empty password. Let's enforce the behavior by setting |
| password expiration to "now". |
| |
| https://bugzilla.redhat.com/show_bug.cgi?id=1180092 |
| |
| Signed-off-by: Jiri Denemark <jdenemar@redhat.com> |
| (cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3) |
| --- |
| src/qemu/qemu_hotplug.c | 14 +++++++------- |
| 1 file changed, 7 insertions(+), 7 deletions(-) |
| |
| diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c |
| index 5f12d77..fda28b0 100644 |
| --- a/src/qemu/qemu_hotplug.c |
| +++ b/src/qemu/qemu_hotplug.c |
| @@ -3547,6 +3547,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, |
| time_t now = time(NULL); |
| char expire_time [64]; |
| const char *connected = NULL; |
| + const char *password; |
| int ret = -1; |
| virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); |
| |
| @@ -3554,16 +3555,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, |
| ret = 0; |
| goto cleanup; |
| } |
| + password = auth->passwd ? auth->passwd : defaultPasswd; |
| |
| if (auth->connected) |
| connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected); |
| |
| if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) |
| goto cleanup; |
| - ret = qemuMonitorSetPassword(priv->mon, |
| - type, |
| - auth->passwd ? auth->passwd : defaultPasswd, |
| - connected); |
| + ret = qemuMonitorSetPassword(priv->mon, type, password, connected); |
| |
| if (ret == -2) { |
| if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) { |
| @@ -3571,14 +3570,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, |
| _("Graphics password only supported for VNC")); |
| ret = -1; |
| } else { |
| - ret = qemuMonitorSetVNCPassword(priv->mon, |
| - auth->passwd ? auth->passwd : defaultPasswd); |
| + ret = qemuMonitorSetVNCPassword(priv->mon, password); |
| } |
| } |
| if (ret != 0) |
| goto end_job; |
| |
| - if (auth->expires) { |
| + if (password[0] == '\0') { |
| + snprintf(expire_time, sizeof(expire_time), "now"); |
| + } else if (auth->expires) { |
| time_t lifetime = auth->validTo - now; |
| if (lifetime <= 0) |
| snprintf(expire_time, sizeof(expire_time), "now"); |
| -- |
| 2.9.0 |
| |