44 lines
1.7 KiB
Diff
44 lines
1.7 KiB
Diff
From 2eab8ef9338a884b491d198bf2c6a51e271f2170 Mon Sep 17 00:00:00 2001
|
|
Message-ID: <2eab8ef9338a884b491d198bf2c6a51e271f2170.1737731143.git.jdenemar@redhat.com>
|
|
From: Michal Privoznik <mprivozn@redhat.com>
|
|
Date: Tue, 21 Jan 2025 12:36:48 +0100
|
|
Subject: [PATCH] tools: ssh-proxy: Check for domain status before parsing its
|
|
CID
|
|
|
|
Inactive domain XML can be wildly different to the live XML. For
|
|
instance, it can have VSOCK CID of that from another (running)
|
|
domain. Since domain status is not checked for, attempting to ssh
|
|
into an inactive domain may in fact result in opening a
|
|
connection to a different live domain that listens on said CID
|
|
currently.
|
|
|
|
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/737
|
|
Resolves: https://issues.redhat.com/browse/RHEL-75577
|
|
|
|
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
(cherry picked from commit ab10c0695d142c78d1ea078b553e1c035e7abc8a)
|
|
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
---
|
|
tools/ssh-proxy/ssh-proxy.c | 5 ++++-
|
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/tools/ssh-proxy/ssh-proxy.c b/tools/ssh-proxy/ssh-proxy.c
|
|
index e60c58d57f..22daffeb63 100644
|
|
--- a/tools/ssh-proxy/ssh-proxy.c
|
|
+++ b/tools/ssh-proxy/ssh-proxy.c
|
|
@@ -194,7 +194,10 @@ lookupDomainAndFetchCID(const char *uri,
|
|
if (virStrToLong_i(domname, NULL, 10, &id) >= 0)
|
|
dom = virDomainLookupByID(conn, id);
|
|
}
|
|
- if (!dom)
|
|
+
|
|
+ /* If no domain is found, return an error. Similarly, inactive domain may
|
|
+ * contain CID of another (running) domain, yielding misleading results. */
|
|
+ if (!dom || virDomainIsActive(dom) <= 0)
|
|
return -1;
|
|
|
|
return extractCID(dom, cid);
|
|
--
|
|
2.48.1
|