| Reported on: | 20141202 |
|---|---|
| Published on: | 20141203 |
| Fixed on: | 20141203 |
| Reported by: | Pei Zhang |
| Patched by: | Luyao Huang |

Incorrect parameter validation of the virStorageVolUpload command could cause libvirtd to attempt to dereference NULL.

When using fine-grained ACLs, a user who is permitted to modify storage volumes but not create arbitrary domains can use bogus parameters to cause a denial of service attack against more privileged users.

Passing valid parameters to virStorageVolUpload will not trigger a problem. It is also possible to prevent the denial of service by stopping the use of the fine-grained access control mechanism, or by not granting users the storage_vol:data_write permission if they do not also have the domain:write permission; doing this will not prevent the crash for invalid parameters, but such a crash is no longer a security attack.
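
The permission-based workaround above can be written as a polkit rule. This is an added example, not part of the original advisory or of libvirt; it assumes libvirt's polkit access driver is in use and that a hypothetical group `virt-domain-admins` contains exactly the users your other rules grant domain:write.

```javascript
// Added example (not from the advisory): polkit rule for the ACL workaround.
// Assumption: members of the hypothetical group below are the users that
// your other polkit rules grant domain:write.
var DOMAIN_WRITERS_GROUP = "virt-domain-admins"; // hypothetical group name

// libvirt exposes object:permission pairs as polkit actions named
// org.libvirt.api.<object>.<permission>, with "_" written as "-".
var VOL_DATA_WRITE = "org.libvirt.api.storage-vol.data-write";

// Use polkit's result values when loaded by polkitd; fall back to stand-ins
// so the decision function can be exercised outside polkitd (e.g. in node).
var RESULT = (typeof polkit !== "undefined")
    ? polkit.Result
    : { NO: "no", YES: "yes", NOT_HANDLED: null };

function volUploadGuard(action, subject) {
    if (action.id !== VOL_DATA_WRITE) {
        // Not the permission this workaround is about: defer to other rules.
        return RESULT.NOT_HANDLED;
    }
    if (!subject.isInGroup(DOMAIN_WRITERS_GROUP)) {
        // User cannot write domains, so must not get storage_vol:data_write.
        return RESULT.NO;
    }
    // Domain writers fall through to whatever rule grants them the action.
    return RESULT.NOT_HANDLED;
}

if (typeof polkit !== "undefined") {
    polkit.addRule(volUploadGuard);
}
```

polkit uses the first rule that returns a decision, so this file has to sort before any rule file that grants `org.libvirt.api.storage-vol.data-write`.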