rpms/libvirt
6
0
Fork 1
Code Issues Pull Requests Releases Activity
84b9f25cb1
libvirt/libvirt-tools-ssh-proxy-Check-for-domain-status-before-parsing-its-CID.patch
Jiri Denemark c2bfdf96a6 libvirt-10.10.0-5.el9 
- qemu: allow migration of guest with mdev vGPU to VF vGPU (RHEL-68064)
- storage_file: Refuse qcow2 images with empty string as 'data_file' (RHEL-73504)
- virstoragetest: Add case for qcow2 image with empty string as 'data_file' (RHEL-73504)
- qemu: snapshot: delete disk image only if parent snapshot is external (RHEL-74041)
- storage_file: de-modularize the local file backend (RHEL-73507)
- libvirt.spec: Move ownership of 'storage-file' backends directory to gluster (RHEL-73507)
- qemu: re-use existing ActualNetDef for more interface types during update-device (RHEL-7036)
- tools: ssh-proxy: Check for domain status before parsing its CID (RHEL-75577)

Resolves: RHEL-68064, RHEL-7036, RHEL-73504, RHEL-73507, RHEL-74041
Resolves: RHEL-75577
2025-01-24 16:05:43 +01:00

44 lines
1.7 KiB
Diff
Raw Blame History

From 2eab8ef9338a884b491d198bf2c6a51e271f2170 Mon Sep 17 00:00:00 2001
Message-ID: <2eab8ef9338a884b491d198bf2c6a51e271f2170.1737731143.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 21 Jan 2025 12:36:48 +0100
Subject: [PATCH] tools: ssh-proxy: Check for domain status before parsing its
CID
Inactive domain XML can be wildly different to the live XML. For
instance, it can have VSOCK CID of that from another (running)
domain. Since domain status is not checked for, attempting to ssh
into an inactive domain may in fact result in opening a
connection to a different live domain that listens on said CID
currently.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/737
Resolves: https://issues.redhat.com/browse/RHEL-75577
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit ab10c0695d142c78d1ea078b553e1c035e7abc8a)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tools/ssh-proxy/ssh-proxy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/ssh-proxy/ssh-proxy.c b/tools/ssh-proxy/ssh-proxy.c
index e60c58d57f..22daffeb63 100644
--- a/tools/ssh-proxy/ssh-proxy.c
+++ b/tools/ssh-proxy/ssh-proxy.c
@@ -194,7 +194,10 @@ lookupDomainAndFetchCID(const char *uri,
if (virStrToLong_i(domname, NULL, 10, &id) >= 0)
dom = virDomainLookupByID(conn, id);
}
- if (!dom)
+
+ /* If no domain is found, return an error. Similarly, inactive domain may
+ * contain CID of another (running) domain, yielding misleading results. */
+ if (!dom || virDomainIsActive(dom) <= 0)
return -1;
return extractCID(dom, cid);
--
2.48.1
Reference in New Issue View Git Blame Copy Permalink