rpms/libvirt
6
0
Fork 1
Code Issues Pull Requests Releases Activity
582e7872e6
libvirt/libvirt-tools-ssh-proxy-Check-for-domain-status-before-parsing-its-CID.patch
Jiri Denemark c269e5be18 libvirt-10.10.0-5.el10 
- qemu: allow migration of guest with mdev vGPU to VF vGPU (RHEL-68065)
- storage_file: Refuse qcow2 images with empty string as 'data_file' (RHEL-70627)
- virstoragetest: Add case for qcow2 image with empty string as 'data_file' (RHEL-70627)
- qemu: snapshot: delete disk image only if parent snapshot is external (RHEL-74040)
- storage_file: de-modularize the local file backend (RHEL-73506)
- libvirt.spec: Move ownership of 'storage-file' backends directory to gluster (RHEL-73506)
- tools: ssh-proxy: Check for domain status before parsing its CID (RHEL-75589)
- qemu: re-use existing ActualNetDef for more interface types during update-device (RHEL-74492)

Resolves: RHEL-68065, RHEL-70627, RHEL-73506, RHEL-74040, RHEL-74492
Resolves: RHEL-75589
2025-01-24 14:14:17 +01:00

47 lines
1.7 KiB
Diff
Raw Blame History

From 61d1773ce763eda51ec1180847ae31411471d138 Mon Sep 17 00:00:00 2001
Message-ID: <61d1773ce763eda51ec1180847ae31411471d138.1737724457.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 21 Jan 2025 12:36:48 +0100
Subject: [PATCH] tools: ssh-proxy: Check for domain status before parsing its
CID
Inactive domain XML can be wildly different to the live XML. For
instance, it can have VSOCK CID of that from another (running)
domain. Since domain status is not checked for, attempting to ssh
into an inactive domain may in fact result in opening a
connection to a different live domain that listens on said CID
currently.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/737
Resolves: https://issues.redhat.com/browse/RHEL-75577
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit ab10c0695d142c78d1ea078b553e1c035e7abc8a)
Resolves: https://issues.redhat.com/browse/RHEL-75589
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tools/ssh-proxy/ssh-proxy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/ssh-proxy/ssh-proxy.c b/tools/ssh-proxy/ssh-proxy.c
index e60c58d57f..22daffeb63 100644
--- a/tools/ssh-proxy/ssh-proxy.c
+++ b/tools/ssh-proxy/ssh-proxy.c
@@ -194,7 +194,10 @@ lookupDomainAndFetchCID(const char *uri,
if (virStrToLong_i(domname, NULL, 10, &id) >= 0)
dom = virDomainLookupByID(conn, id);
}
- if (!dom)
+
+ /* If no domain is found, return an error. Similarly, inactive domain may
+ * contain CID of another (running) domain, yielding misleading results. */
+ if (!dom || virDomainIsActive(dom) <= 0)
return -1;
return extractCID(dom, cid);
--
2.48.1
Reference in New Issue View Git Blame Copy Permalink