libvirt: CVE-2021-3667 Improper locking on ACL failure

Source: https://gitlab.com/libvirt/libvirt MR: 116398 Type: Security Fix Disposition: Backport from https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 ChangeID: 342935ee7e30ea636d14f2d53c503da511c4a04e Description: CVE-2021-3667 libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API. Affects libvirt < 6.1 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2022-06-29 10:51:37 +0530
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2022-07-05 16:28:05 -0400
commit: ab3bbe30b60c51b8df4b568c253d559328c8750f (patch)
tree: 0ea8dd71a396646cf44ce56045c7e1632bc182ff
parent: f6b88c1d2f515ffac90457c0d649d6c805fff736 (diff)
download: meta-virtualization-ab3bbe30b60c51b8df4b568c253d559328c8750f.tar.gz
2 files changed, 33 insertions, 1 deletions
diff --git a/recipes-extended/libvirt/libvirt/CVE-2021-3667.patch b/recipes-extended/libvirt/libvirt/CVE-2021-3667.patch
new file mode 100644
index 00000000..b99c5da0
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2021-3667.patch
@@ -0,0 +1,32 @@
+From 494fc57f60af732a72b02c984527878ea7a016dc Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 20 Jun 2022 12:40:39 +0530
+Subject: [PATCH] CVE-2021-3667
+Upstream-Status: Backport [https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87]
+CVE: CVE-2021-3667
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/storage/storage_driver.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
+index 7e59335..1f1225d 100644
+--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
+@@ -1741,8 +1741,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
+                                            storagePoolLookupByTargetPathCallback,
+                                            cleanpath))) {
+         def = virStoragePoolObjGetDef(obj);
+-        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
+        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
+            virStoragePoolObjEndAPI(&obj);
+             return NULL;
+        }
+ 
+         pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
+         virStoragePoolObjEndAPI(&obj);
+-- 
+2.25.1
diff --git a/recipes-extended/libvirt/libvirt_6.1.0.bb b/recipes-extended/libvirt/libvirt_6.1.0.bb
index d4978b38..d0f2c315 100644
--- a/recipes-extended/libvirt/libvirt_6.1.0.bb
+++ b/recipes-extended/libvirt/libvirt_6.1.0.bb
@@ -46,8 +46,8 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
           file://CVE-2020-25637_3.patch \
           file://CVE-2020-25637_4.patch \
           file://CVE-2021-3631.patch \
+           file://CVE-2021-3667.patch \
          "
 SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"
 SRC_URI[libvirt.sha256sum] = "167c185be45560e73dd3e14ed375778b555c01455192de2dafc4d0f74fabebc0"
author	Hitendra Prajapati <hprajapati@mvista.com>	2022-06-29 10:51:37 +0530
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2022-07-05 16:28:05 -0400
commit	ab3bbe30b60c51b8df4b568c253d559328c8750f (patch)
tree	0ea8dd71a396646cf44ce56045c7e1632bc182ff
parent	f6b88c1d2f515ffac90457c0d649d6c805fff736 (diff)
download	meta-virtualization-ab3bbe30b60c51b8df4b568c253d559328c8750f.tar.gz

diff --git a/recipes-extended/libvirt/libvirt/CVE-2021-3667.patch b/recipes-extended/libvirt/libvirt/CVE-2021-3667.patch new file mode 100644 index 00000000..b99c5da0 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/CVE-2021-3667.patch
@@ -0,0 +1,32 @@
		1	From 494fc57f60af732a72b02c984527878ea7a016dc Mon Sep 17 00:00:00 2001
		2	From: Hitendra Prajapati <hprajapati@mvista.com>
		3	Date: Mon, 20 Jun 2022 12:40:39 +0530
		4	Subject: [PATCH] CVE-2021-3667
		5
		6	Upstream-Status: Backport [https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87]
		7	CVE: CVE-2021-3667
		8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		9
		10	---
		11	src/storage/storage_driver.c \| 4 +++-
		12	1 file changed, 3 insertions(+), 1 deletion(-)
		13
		14	diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
		15	index 7e59335..1f1225d 100644
		16	--- a/src/storage/storage_driver.c
		17	+++ b/src/storage/storage_driver.c
		18	@@ -1741,8 +1741,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
		19	storagePoolLookupByTargetPathCallback,
		20	cleanpath))) {
		21	def = virStoragePoolObjGetDef(obj);
		22	- if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
		23	+ if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
		24	+ virStoragePoolObjEndAPI(&obj);
		25	return NULL;
		26	+ }
		27
		28	pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
		29	virStoragePoolObjEndAPI(&obj);
		30	--
		31	2.25.1
		32


diff --git a/recipes-extended/libvirt/libvirt_6.1.0.bb b/recipes-extended/libvirt/libvirt_6.1.0.bb index d4978b38..d0f2c315 100644 --- a/recipes-extended/libvirt/libvirt_6.1.0.bb +++ b/recipes-extended/libvirt/libvirt_6.1.0.bb
@@ -46,8 +46,8 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
46	file://CVE-2020-25637_3.patch \	46	file://CVE-2020-25637_3.patch \
47	file://CVE-2020-25637_4.patch \	47	file://CVE-2020-25637_4.patch \
48	file://CVE-2021-3631.patch \	48	file://CVE-2021-3631.patch \
		49	file://CVE-2021-3667.patch \
49	"	50	"
50
51	SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"	51	SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"
52	SRC_URI[libvirt.sha256sum] = "167c185be45560e73dd3e14ed375778b555c01455192de2dafc4d0f74fabebc0"	52	SRC_URI[libvirt.sha256sum] = "167c185be45560e73dd3e14ed375778b555c01455192de2dafc4d0f74fabebc0"
53		53