CLOUDSTACK-8613, CLOUDSTACK-6301: Dump KVM domain XML with secure flag
When dumping XML use appropriate flags:
1, VIR_DOMAIN_XML_SECURE (dump security sensitive information too)
8, VIR_DOMAIN_XML_MIGRATABLE (dump XML suitable for migration)
Source:
https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
This fixes CVE-2015-3252: VNC password lost during VM migration across KVM
hosts. The issue is also seen when a VM is rebooted.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit cb2aca751630ea60ad2fffed3d12e3fa2a5e93b5)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
index fc00ddd..4756b94 100755
--- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
+++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
@@ -3082,8 +3082,13 @@
description for the instance to be used on the target host.
This is supported by libvirt-java from version 0.50.0
+
+ CVE-2015-3252: Get XML with sensitive information suitable for migration by using
+ VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)
+ https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
+
*/
- xmlDesc = dm.getXMLDesc(0).replace(_privateIp, cmd.getDestinationIp());
+ xmlDesc = dm.getXMLDesc(8).replace(_privateIp, cmd.getDestinationIp());
dconn = new Connect("qemu+tcp://" + cmd.getDestinationIp() + "/system");
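Review bot: getXMLDesc(8) in the migration path sets only VIR_DOMAIN_XML_MIGRATABLE, which does not match the new comment's "XML with sensitive information". According to the flag list in the commit message, security-sensitive fields are dumped under VIR_DOMAIN_XML_SECURE (1), and that bit is not set here. If the VNC password is meant to reach the destination host, combine the two flags, for example getXMLDesc(1 | 8), and define both values as named constants rather than bare literals so the call site documents itself.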
@@ -4731,7 +4736,10 @@
String msg = null;
try {
dm = conn.domainLookupByName(vmName);
- String vmDef = dm.getXMLDesc(0);
+ // Get XML Dump including the secure information such as VNC password
+ // By passing 1, or VIR_DOMAIN_XML_SECURE flag
+ // https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
+ String vmDef = dm.getXMLDesc(1);
LibvirtDomainXMLParser parser = new LibvirtDomainXMLParser();
parser.parseDomainXML(vmDef);
for (InterfaceDef nic : parser.getInterfaces()) {
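Review bot: with getXMLDesc(1), vmDef now holds the VNC password in clear text, so nothing after this line should log or return the raw string; only the parsed fields should leave this method. Replace the bare 1 with a named constant for VIR_DOMAIN_XML_SECURE so the intent is visible at the call site. libvirt rejects this flag on read-only connections, so conn has to be a read-write connection for this call to succeed.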