From 9f321a893d71b510cfc01b088e60e5ddba83e481 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 1 Jan 1970 00:00:00 +0000 Subject: [PATCH 1/1] virDomainBlockPeek and virDomainMemoryPeek need a read/write connection (CVE-2008-5086) (found by David Lutterkort). --- libvirt/libvirt.ml | 4 ++-- libvirt/libvirt.mli | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/libvirt/libvirt.ml b/libvirt/libvirt.ml index ec8c9e8..fc29264 100644 --- a/libvirt/libvirt.ml +++ b/libvirt/libvirt.ml @@ -425,8 +425,8 @@ struct external migrate : [>`W] t -> [>`W] Connect.t -> migrate_flag list -> ?dname:string -> ?uri:string -> ?bandwidth:int -> unit -> rw t = "ocaml_libvirt_domain_migrate_bytecode" "ocaml_libvirt_domain_migrate_native" external block_stats : [>`R] t -> string -> block_stats = "ocaml_libvirt_domain_block_stats" external interface_stats : [>`R] t -> string -> interface_stats = "ocaml_libvirt_domain_interface_stats" - external block_peek : [>`R] t -> string -> int64 -> int -> string -> int -> unit = "ocaml_libvirt_domain_block_peek_bytecode" "ocaml_libvirt_domain_block_peek_native" - external memory_peek : [>`R] t -> memory_flag list -> int64 -> int -> string -> int -> unit = "ocaml_libvirt_domain_memory_peek_bytecode" "ocaml_libvirt_domain_memory_peek_native" + external block_peek : [>`W] t -> string -> int64 -> int -> string -> int -> unit = "ocaml_libvirt_domain_block_peek_bytecode" "ocaml_libvirt_domain_block_peek_native" + external memory_peek : [>`W] t -> memory_flag list -> int64 -> int -> string -> int -> unit = "ocaml_libvirt_domain_memory_peek_bytecode" "ocaml_libvirt_domain_memory_peek_native" external const : [>`R] t -> ro t = "%identity" diff --git a/libvirt/libvirt.mli b/libvirt/libvirt.mli index 8de1a45..7bda889 100644 --- a/libvirt/libvirt.mli +++ b/libvirt/libvirt.mli @@ -610,7 +610,7 @@ sig val interface_stats : [>`R] t -> string -> interface_stats (** Returns network interface stats. *) - val block_peek : [>`R] t -> string -> int64 -> int -> string -> int -> unit + val block_peek : [>`W] t -> string -> int64 -> int -> string -> int -> unit (** [block_peek dom path offset size buf boff] reads [size] bytes at [offset] in the domain's [path] block device. @@ -618,7 +618,7 @@ sig at offset [boff], for [size] bytes. See also {!max_peek}. *) - val memory_peek : [>`R] t -> memory_flag list -> int64 -> int -> + val memory_peek : [>`W] t -> memory_flag list -> int64 -> int -> string -> int -> unit (** [memory_peek dom Virtual offset size] reads [size] bytes at [offset] in the domain's virtual memory. -- 1.8.3.1