Bug 677493

Summary: domxml-from-native can crash libvirtd
Product: Red Hat Enterprise Linux 6
Component: libvirt
Version: 6.1
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Target Milestone: rc
Reporter: Eric Blake <eblake>
Assignee: Eric Blake <eblake>
QA Contact: Virtualization Bugs <virt-bugs>
CC: ccui, dallan, dyuan, eblake, jyang, mjenner, mzhan, xen-maint, yoyzhang
Fixed In Version: libvirt-0.8.7-7.el6
Doc Type: Bug Fix
Last Closed: 2011-05-19 13:27:29 UTC

Description Eric Blake 2011-02-15 00:52:18 UTC
Description of problem:
A malformed qemu command line can crash libvirtd.

Version-Release number of selected component (if applicable):
libvirt-0.8.7-5.el6

How reproducible:
100%

Steps to Reproduce:
1. $ cat a.args
2. $ virsh domxml-from-native qemu-argv a.args
  
Actual results:
1. [one long line]:
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0 -drive file=nbd:example.org,if=virtio,format=raw -net none -serial none -parallel none -usb
2. libvirtd dies with a segfault

Expected results:
useful results, and libvirtd stays up

Additional info:
Fixed by this upstream patch:
https://www.redhat.com/archives/libvir-list/2011-February/msg00481.html

Comment 1 Eric Blake 2011-02-15 00:54:14 UTC
The qemu line is invalid - I took tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd.args, removed \-newline pairs, and deleted ":6000" to form the invalid line.  But invalid lines shouldn't take out the daemon.

Found by clang.

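The bug class this report describes (an nbd disk source with no ":port" suffix making the command-line parser use a pointer that strchr() returned as NULL), as an added example in C. This is not libvirt's code and not the upstream patch linked above: the struct, the function names and the sample inputs are constructed for illustration. It places a deliberately unchecked parser beside a hardened one that reports the malformed source the way the fixed build does in Comment 4 ("cannot parse nbd filename") instead of taking the daemon down.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parsed form of a qemu "nbd:<host>:<port>" disk source (constructed type). */
struct nbd_source {
    char host[256];
    int port;
};

/* The bug class from this report, as a constructed illustration (not
 * libvirt's code): strchr() returns NULL when the ':' before the port is
 * missing, as in "nbd:example.org", and the result is used without a
 * check.  Calling this with that input is undefined behaviour and will
 * typically segfault, which is why it is shown but never invoked below. */
int parse_nbd_unchecked(const char *src, struct nbd_source *out)
{
    const char *host = src + strlen("nbd:");
    const char *colon = strchr(host, ':');      /* NULL for "nbd:example.org" */
    size_t hostlen = (size_t)(colon - host);    /* arithmetic on NULL */

    memcpy(out->host, host, hostlen);           /* wild-sized copy */
    out->host[hostlen] = '\0';
    out->port = atoi(colon + 1);                /* dereferences NULL + 1 */
    return 0;
}

/* Hardened parser: every pointer from strrchr()/strtol() is checked before
 * use, the host length and port range are validated, and a malformed source
 * is reported to the caller instead of dereferenced.
 * Returns 0 on success and -1 on a parse error. */
int parse_nbd_checked(const char *src, struct nbd_source *out)
{
    const char *host, *colon;
    char *end;
    long port;

    if (!src || strncmp(src, "nbd:", 4) != 0)
        return -1;
    host = src + 4;
    colon = strrchr(host, ':');                 /* last ':' so "[::1]:6000" keeps its port */
    if (!colon || colon == host || colon[1] == '\0')
        return -1;                              /* "nbd:example.org", "nbd::6000", "nbd:host:" */
    if ((size_t)(colon - host) >= sizeof(out->host))
        return -1;                              /* host would not fit */
    errno = 0;
    port = strtol(colon + 1, &end, 10);
    if (errno != 0 || *end != '\0' || port < 1 || port > 65535)
        return -1;                              /* junk after the digits or out of range */

    memcpy(out->host, host, (size_t)(colon - host));
    out->host[colon - host] = '\0';
    out->port = (int)port;
    return 0;
}

/* Convenience wrappers: the parsed port, or -1 when parsing fails, and a
 * host comparison that is false whenever parsing fails. */
int nbd_port(const char *src)
{
    struct nbd_source s;
    return parse_nbd_checked(src, &s) == 0 ? s.port : -1;
}

int nbd_host_is(const char *src, const char *want)
{
    struct nbd_source s;
    return parse_nbd_checked(src, &s) == 0 && strcmp(s.host, want) == 0;
}

int main(void)
{
    /* Constructed inputs: the report's malformed source, the well-formed
     * form it was derived from, and a few other malformed variants. */
    const char *inputs[] = {
        "nbd:example.org",          /* the reproducer: port missing */
        "nbd:example.org:6000",     /* well formed */
        "nbd:example.org:",         /* empty port */
        "nbd::6000",                /* empty host */
        "nbd:example.org:6000x",    /* trailing junk */
        "nbd:example.org:70000",    /* port out of range */
    };
    size_t i;

    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        struct nbd_source s;
        if (parse_nbd_checked(inputs[i], &s) == 0)
            printf("%-24s -> host=%s port=%d\n", inputs[i], s.host, s.port);
        else
            printf("%-24s -> error: cannot parse nbd filename\n", inputs[i]);
    }
    return 0;
}
```

The check that matters is the one on the strrchr() result: a parser driven by attacker-controlled or merely malformed argv text must treat every "not found" return as an expected input, not an invariant. Compiling with warnings enabled or running clang's static analyzer over the unchecked function flags the NULL use, which is how the report says this one was found.
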
Comment 4 zhanghaiyan 2011-02-18 07:34:30 UTC
Verified PASS with libvirt-0.8.7-7.el6.x86_64
- kernel-2.6.32-113.el6.x86_64
- qemu-kvm-0.12.1.2-2.145.el6.x86_64

1. # virsh domxml-from-native qemu-argv b.args
error: internal error cannot parse nbd filename 'nbd:example.org'
2. # service libvirtd status
libvirtd (pid  29181) is running...

Also reproduced the bug on the older version libvirt-0.8.7-5.el6.x86_64

Comment 7 errata-xmlrpc 2011-05-19 13:27:29 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0596.html