etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-8613, CLOUDSTACK-6301: Dump KVM domain XML with secure flag 

When dumping XML use appropriate flags:

1, VIR_DOMAIN_XML_SECURE (dump security sensitive information too)
8, VIR_DOMAIN_XML_MIGRATABLE (dump XML suitable for migration)

Source:
https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags

This fixes CVE 2015-3252: VNC password lost during VM migration across KVM
hosts. The issue is also seen when a VM is rebooted.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit cb2aca7516)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
This commit is contained in:
Rohit Yadav 2015-08-12 21:03:11 +05:30
parent 5de04025a6
commit c116ca968e
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
View File

@ -3011,8 +3011,13 @@ ServerResource {
description for the instance to be used on the target host.
This is supported by libvirt-java from version 0.50.0
*/
xmlDesc = dm.getXMLDesc(0).replace(_privateIp, cmd.getDestinationIp());
CVE-2015-3252: Get XML with sensitive information suitable for migration by using
VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)
https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
*/
xmlDesc = dm.getXMLDesc(8).replace(_privateIp, cmd.getDestinationIp());
dconn = new Connect("qemu+tcp://" + cmd.getDestinationIp()
+ "/system");
@ -4625,7 +4630,10 @@ ServerResource {
String msg = null;
try {
dm = conn.domainLookupByName(vmName);
String vmDef = dm.getXMLDesc(0);
// Get XML Dump including the secure information such as VNC password
// By passing 1, or VIR_DOMAIN_XML_SECURE flag
// https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
String vmDef = dm.getXMLDesc(1);
LibvirtDomainXMLParser parser = new LibvirtDomainXMLParser();
parser.parseDomainXML(vmDef);
for (InterfaceDef nic :parser.getInterfaces()) {