CLOUDSTACK-8613, CLOUDSTACK-6301: Dump KVM domain XML with secure flag

When dumping XML use appropriate flags:

1, VIR_DOMAIN_XML_SECURE (dump security sensitive information too)
8, VIR_DOMAIN_XML_MIGRATABLE (dump XML suitable for migration)

Source:
https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags

This fixes CVE 2015-3252: VNC password lost during VM migration across KVM
hosts. The issue is also seen when a VM is rebooted.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Rohit Yadav 2015-08-12 21:03:11 +05:30
parent 3a48171bd8
commit cb2aca7516
1 changed files with 10 additions and 2 deletions

@ -3094,8 +3094,13 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
description for the instance to be used on the target host.
This is supported by libvirt-java from version 0.50.0
CVE-2015-3252: Get XML with sensitive information suitable for migration by using
VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)
https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
*/
xmlDesc = dm.getXMLDesc(0).replace(_privateIp, cmd.getDestinationIp());
xmlDesc = dm.getXMLDesc(8).replace(_privateIp, cmd.getDestinationIp());
dconn = new Connect("qemu+tcp://" + cmd.getDestinationIp() + "/system");
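
Review bot: the new `dm.getXMLDesc(8)` call passes only VIR_DOMAIN_XML_MIGRATABLE, although the commit message lists both 1 (VIR_DOMAIN_XML_SECURE) and 8, and the comment added just above the call promises "XML with sensitive information". If the VNC password is meant to survive migration, combine the flags here, for example `dm.getXMLDesc(1 | 8)`, or extend the comment to say why 8 alone is enough. The literals should also become named constants so that the SECURE bit is visible at the call site instead of only in the comment.
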
@ -4510,7 +4515,10 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
String msg = null;
try {
dm = conn.domainLookupByName(vmName);
String vmDef = dm.getXMLDesc(0);
// Get XML Dump including the secure information such as VNC password
// By passing 1, or VIR_DOMAIN_XML_SECURE flag
// https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
String vmDef = dm.getXMLDesc(1);
LibvirtDomainXMLParser parser = new LibvirtDomainXMLParser();
parser.parseDomainXML(vmDef);
for (InterfaceDef nic : parser.getInterfaces()) {
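
Review bot: after the `String vmDef = dm.getXMLDesc(1);` line, `vmDef` holds the VNC password in clear text, so nothing later in this method should write `vmDef` or the parsed definition to a log line or into `msg`; please check the code below this hunk and note the constraint in the comment. The bare `1` is explained only by that comment; a named constant for VIR_DOMAIN_XML_SECURE, shared with the migration call site, would keep the two calls from drifting apart.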