tools: ssh-proxy: Check for domain status before parsing its CID

Inactive domain XML can be wildly different to the live XML. For instance, it can have VSOCK CID of that from another (running) domain. Since domain status is not checked for, attempting to ssh into an inactive domain may in fact result in opening a connection to a different live domain that listens on said CID currently. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/737 Resolves: https://issues.redhat.com/browse/RHEL-75577 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2025-02-25 18:55:26 -06:00 · 2025-01-21 12:36:48 +01:00 · 2025-01-21 12:36:48 +01:00 · ab10c0695d
commit ab10c0695d
parent 63a3d70697
1 changed files with 4 additions and 1 deletions
--- a/tools/ssh-proxy/ssh-proxy.c
+++ b/tools/ssh-proxy/ssh-proxy.c
@ -194,7 +194,10 @@ lookupDomainAndFetchCID(const char *uri,
        if (virStrToLong_i(domname, NULL, 10, &id) >= 0)
            dom = virDomainLookupByID(conn, id);
    }
-    if (!dom)
+
+    /* If no domain is found, return an error. Similarly, inactive domain may
+     * contain CID of another (running) domain, yielding misleading results. */
+    if (!dom || virDomainIsActive(dom) <= 0)
        return -1;

    return extractCID(dom, cid);