Libvirt Security Notice: LSN-2014-0005

virConnectListAllDomains can deadlock

Lifecycle

Reported on: 20140922
Published on: 20141001
Fixed on: 20141001

Credits

Reported by: Pavel Hrdina
Patched by: Pavel Hrdina

Description

The common implementation of virConnectListAllDomains used an early return statement instead of jumping to a cleanup label when the API was used with a NULL list parameter to merely obtain a count of domains that match the filters. Because the early return skipped the cleanup label, the list of domains was left locked, which prevented all further APIs from accessing the list.
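The control-flow flaw described above, reduced to a minimal model as an added example (not libvirt's code). `struct dom_list`, `list_all_buggy`, `list_all_fixed` and `followup_blocked` are hypothetical names, and an `atomic_flag` try-lock stands in for the list lock so that a leaked lock shows up as a failed acquire rather than a hang.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical stand-in for the locked domain list (not libvirt's types). */
struct dom_list { atomic_flag lock; int ids[4]; int count; };

/* Non-blocking acquire, so a leaked lock is reported instead of hanging. */
static int list_trylock(struct dom_list *l) { return !atomic_flag_test_and_set(&l->lock); }
static void list_unlock(struct dom_list *l) { atomic_flag_clear(&l->lock); }

/* Flawed shape: the count-only path (out == NULL) returns with the lock held. */
static int list_all_buggy(struct dom_list *l, int *out) {
    if (!list_trylock(l))
        return -1;            /* already locked; a blocking lock would hang here */
    if (!out)
        return l->count;      /* BUG: early return skips list_unlock() */
    for (int i = 0; i < l->count; i++)
        out[i] = l->ids[i];
    list_unlock(l);
    return l->count;
}

/* Corrected shape: every exit after locking passes through the cleanup label. */
static int list_all_fixed(struct dom_list *l, int *out) {
    int ret;
    if (!list_trylock(l))
        return -1;
    ret = l->count;
    if (!out)
        goto cleanup;         /* count only: nothing to copy */
    for (int i = 0; i < l->count; i++)
        out[i] = l->ids[i];
cleanup:
    list_unlock(l);
    return ret;
}

/* Returns 1 if a normal list call is locked out after one count-only call. */
int followup_blocked(int use_fixed) {
    int (*list_all)(struct dom_list *, int *) = use_fixed ? list_all_fixed : list_all_buggy;
    struct dom_list l = { .lock = ATOMIC_FLAG_INIT, .ids = {1, 2, 3}, .count = 3 }; /* constructed */
    int out[4];
    return list_all(&l, NULL) == 3 && list_all(&l, out) == -1;
}

int main(void) {
    printf("buggy: blocked=%d, fixed: blocked=%d\n", followup_blocked(0), followup_blocked(1));
    return 0;
}
```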

Impact

A read-only client can mount a denial of service attack against a privileged client by passing a NULL parameter to force the deadlock condition.

Workaround

As long as all callers pass a non-NULL argument to virConnectListAllDomains to collect an actual list rather than just a count, the deadlock will not occur. This is the only mode of operation used by virsh and by the Python bindings, which is why the bug has existed undetected for so long. Denying access to the read-only libvirt socket will avoid the potential for a denial of service attack, but will not prevent the deadlock if a privileged client passes a NULL argument, although such a hang is no longer a security problem.

Affected product: libvirt

Branch master
Broken in: v0.9.13
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Broken in: v1.1.3
Broken in: v1.1.4
Broken in: v1.2.0
Broken in: v1.2.1
Broken in: v1.2.2
Broken in: v1.2.3
Broken in: v1.2.4
Broken in: v1.2.5
Broken in: v1.2.6
Broken in: v1.2.7
Broken in: v1.2.8
Fixed in: v1.2.9
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: fc22b2e74890873848b43fffae43025d22053669
Branch v0.10.2-maint
Broken in: v0.10.2.1
Broken in: v0.10.2.2
Broken in: v0.10.2.3
Broken in: v0.10.2.4
Broken in: v0.10.2.5
Broken in: v0.10.2.6
Broken in: v0.10.2.7
Broken in: v0.10.2.8
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: a397e887ed40898cc177e118dffdea8e1f4c6184
Branch v1.0.2-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 905f2281e3dbb199191098235e335a2f54bb85c9
Branch v1.0.3-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 31674d08fc1b54cd30ad9422ba84090a8b4a3f48
Branch v1.0.4-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 26a87db8ea9320f08f5f029f4e1a47c04b322c64
Branch v1.0.5-maint
Broken in: v1.0.5.1
Broken in: v1.0.5.2
Broken in: v1.0.5.3
Broken in: v1.0.5.4
Broken in: v1.0.5.5
Broken in: v1.0.5.6
Broken in: v1.0.5.7
Broken in: v1.0.5.8
Broken in: v1.0.5.9
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: f18b86e35f25eacbe1c68cd32caea0310e9d220c
Branch v1.0.6-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 4e41e40fde8e9eb5bfd67467450aeb4767b45b9c
Branch v1.1.0-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: b64eaab92267480e78133c3d2e7b698f046fe5d0
Branch v1.1.1-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 64c04d03ce8d364043e692659220ae1094f1a0cf
Branch v1.1.2-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 75d051c7313aaa977bb67fde9b4094ed6da5ad4e
Branch v1.1.3-maint
Broken in: v1.1.3.1
Broken in: v1.1.3.2
Broken in: v1.1.3.3
Broken in: v1.1.3.4
Broken in: v1.1.3.5
Broken in: v1.1.3.6
Fixed in: v1.1.3.7
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 0b13d34e89405b6017a935d3c19d6a80ce7f3c6b
Branch v1.1.4-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: da254a088ca74377615d127562677fb23c987faa
Branch v1.2.0-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 861f9b1c4536b27d2961039aaf73f66732543654
Branch v1.2.1-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: c639118634cab93bdf7a8c1bdf7f1f4fd1f8a8ce
Branch v1.2.2-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 4ce1bd6e3783eef817ffd265616a2e6aa4cca2a3
Branch v1.2.3-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 64700acc914e8ed7e091db2c67b48e7ef7ed99fc
Branch v1.2.4-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 98e0692c968e194d5fd7176c6768da91ab48d651
Branch v1.2.5-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: af56bafcc9bfb39778790e9cd7f522b98354d978
Branch v1.2.6-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: 7dcab231de3749e8056597b9b2271cd32b3797bf
Branch v1.2.7-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: cd685ddb5d35df227aa5be9ae84368775c20e325
Branch v1.2.8-maint
Broken by: 2c6808044408fba9ff9547ad88bb8a0f44ee21a0
Fixed by: c074b4044e021db6765727ea18bca8408758c7a9
