diff options
| author |   Matthias Maier <tamiko@gentoo.org> | 2017-08-31 20:48:57 -0500 |
|---|---|---|
| committer | Matthias Maier <tamiko@gentoo.org> | 2017-08-31 20:55:27 -0500 |
| commit | 02110c0d470e8549a31ae8bf953c8bd514185c68 (patch) | |
| tree | dcfa7641415aaed7fd720ec042494d36b2587d0a /app-emulation/libvirt/files | |
| parent | app-emulation/qemu: do not install removed documentation (diff) | |
| download | gentoo-02110c0d470e8549a31ae8bf953c8bd514185c68.tar.gz gentoo-02110c0d470e8549a31ae8bf953c8bd514185c68.tar.bz2 gentoo-02110c0d470e8549a31ae8bf953c8bd514185c68.zip | |
app-emulation/libvirt: version bump to 3.6.0, bug #627780
Package-Manager: Portage-2.3.6, Repoman-2.3.3
Diffstat (limited to 'app-emulation/libvirt/files')
| -rw-r--r-- | app-emulation/libvirt/files/libvirt-3.6.0-ssh-malicious-hostname-fix.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/app-emulation/libvirt/files/libvirt-3.6.0-ssh-malicious-hostname-fix.patch b/app-emulation/libvirt/files/libvirt-3.6.0-ssh-malicious-hostname-fix.patch new file mode 100644 index 000000000000..628928412767 --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-3.6.0-ssh-malicious-hostname-fix.patch @@ -0,0 +1,47 @@ +From e4cb8500810a310a10a6cb359e1b53fac03ed597 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" <berrange@redhat.com> +Date: Fri, 11 Aug 2017 17:19:53 +0100 +Subject: [PATCH] rpc: avoid ssh interpreting malicious hostname as arguments + +Inspired by the recent GIT / Mercurial security flaws +(http://blog.recurity-labs.com/2017-08-10/scm-vulns), +consider someone/something manages to feed libvirt a bogus +URI such as: + + virsh -c qemu+ssh://-oProxyCommand=gnome-calculator/system + +In this case, the hosname "-oProxyCommand=gnome-calculator" +will get interpreted as an argument to ssh, not a hostname. +Fortunately, due to the set of args we have following the +hostname, SSH will then interpret our bit of shell script +that runs 'nc' on the remote host as a cipher name, which is +clearly invalid. This makes ssh exit during argv parsing and +so it never tries to run gnome-calculator. + +We are lucky this time, but lets be more paranoid, by using +'--' to explicitly tell SSH when it has finished seeing +command line options. This forces it to interpret +"-oProxyCommand=gnome-calculator" as a hostname, and thus +see a fail from hostname lookup. + +Signed-off-by: Daniel P. Berrange <berrange@redhat.com> +--- + src/rpc/virnetsocket.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c +index d228c8a8c..23089afef 100644 +--- a/src/rpc/virnetsocket.c ++++ b/src/rpc/virnetsocket.c +@@ -868,7 +868,7 @@ int virNetSocketNewConnectSSH(const char *nodename, + if (!netcat) + netcat = "nc"; + +- virCommandAddArgList(cmd, nodename, "sh", "-c", NULL); ++ virCommandAddArgList(cmd, "--", nodename, "sh", "-c", NULL); + + virBufferEscapeShell(&buf, netcat); + if (virBufferCheckError(&buf) < 0) { +-- +2.13.5 + |