Don't ignore errors parsing nwfilter rules

For inexplicable reasons, the nwfilter XML parser is intentionally
ignoring errors that arise during parsing. As well as meaning that
users don't get any feedback on their XML mistakes, this will lead
it to silently drop data in OOM conditions.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 4f2094346d98f4ed6a2de115d204c166cc563496)

diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index b2be99a551430e1b9262a6fe3e09bd213812abad..4af5ad42b508705d512fe5c135e1f8d2a624d130 100644 (file)
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2375,9 +2375,7 @@ virNWFilterRuleParse(xmlNodePtr node)
                     if (virNWFilterRuleDetailsParse(cur,
                                                     ret,
                                                     virAttr[i].att) < 0) {
-                        /* we ignore malformed rules
-                           goto err_exit;
-                        */
+                        goto err_exit;
                     }
                     break;
                 }
@@ -2582,11 +2580,13 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
                 goto cleanup;
             }
 
-            /* ignore malformed rule and include elements */
-            if (xmlStrEqual(curr->name, BAD_CAST "rule"))
-                entry->rule = virNWFilterRuleParse(curr);
-            else if (xmlStrEqual(curr->name, BAD_CAST "filterref"))
-                entry->include = virNWFilterIncludeParse(curr);
+            if (xmlStrEqual(curr->name, BAD_CAST "rule")) {
+                if (!(entry->rule = virNWFilterRuleParse(curr)))
+                    goto cleanup;
+            } else if (xmlStrEqual(curr->name, BAD_CAST "filterref")) {
+                if (!(entry->include = virNWFilterIncludeParse(curr)))
+                    goto cleanup;
+            }
 
             if (entry->rule || entry->include) {
                 if (VIR_REALLOC_N(ret->filterEntries, ret->nentries+1) < 0) {

diff --git a/tests/nwfilterxml2xmltest.c b/tests/nwfilterxml2xmltest.c
index 158bc9f4ce1071971b53846d22334bb54d8ee4a8..1250260cdae64707e5266b6a6ca0b03a03df7cbe 100644 (file)
--- a/tests/nwfilterxml2xmltest.c
+++ b/tests/nwfilterxml2xmltest.c
@@ -34,15 +34,12 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml,
 
     virResetLastError();
 
-    if (!(dev = virNWFilterDefParseString(NULL, inXmlData)))
+    if (!(dev = virNWFilterDefParseString(NULL, inXmlData))) {
+        if (expect_error) {
+            virResetLastError();
+            goto done;
+        }
         goto fail;
-
-    if (!!virGetLastError() != expect_error)
-        goto fail;
-
-    if (expect_error) {
-        /* need to suppress the errors */
-        virResetLastError();
     }
 
     if (!(actual = virNWFilterDefFormat(dev)))
@@ -53,6 +50,7 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml,
         goto fail;
     }
 
+ done:
     ret = 0;
 
  fail: