From: Michal Privoznik
Date: Thu, 6 Nov 2025 14:01:26 +0000 (+0100)
Subject: ch: Use correct domain definition in chDomainGetXMLDesc()
X-Git-Tag: CVE-2025-12748~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7e5d224536b511b014221601af16120bb491aa56;p=thirdparty%2Flibvirt.git
ch: Use correct domain definition in chDomainGetXMLDesc()
The chDomainGetXMLDesc() function claims to support VIR_DOMAIN_XML_INACTIVE to obtain the persistent definition of a running domain (in its call to virCheckFlags()) but in fact, it's always passing vm->def to virDomainDefFormat(). So far, there's no harm done because CH driver never sets domain def as transient. But that'll change.
Signed-off-by: Michal Privoznik
Reviewed-by: Jiri Denemark
---
diff --git a/src/ch/ch_driver.c b/src/ch/ch_driver.c
index ad13306c4c..8ec90e1192 100644
--- a/src/ch/ch_driver.c
+++ b/src/ch/ch_driver.c
@@ -1277,6 +1277,7 @@ static char *chDomainGetXMLDesc(virDomainPtr dom,
 {
 virCHDriver *driver = dom->conn->privateData;
 virDomainObj *vm;
+ virDomainDef *def;
 char *ret = NULL;
 
 virCheckFlags(VIR_DOMAIN_XML_COMMON_FLAGS, NULL);
@@ -1287,7 +1288,13 @@ static char *chDomainGetXMLDesc(virDomainPtr dom,
 if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
 goto cleanup;
 
- ret = virDomainDefFormat(vm->def, driver->xmlopt,
+ if ((flags & VIR_DOMAIN_XML_INACTIVE) && vm->newDef) {
+ def = vm->newDef;
+ } else {
+ def = vm->def;
+ }
+
+ ret = virDomainDefFormat(def, driver->xmlopt,
 virDomainDefFormatConvertXMLFlags(flags));
 
 cleanup:
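Review bot: The ACL check just above the new branch in the second hunk still passes `vm->def` to virDomainGetXMLDescEnsureACL(), while the XML that is returned can now come from `vm->newDef` when VIR_DOMAIN_XML_INACTIVE is set. That is probably intended, since the check presumably keys on the domain's identity rather than on the contents of the definition, but nothing visible in the hunk says so, and the commit message notes that transient definitions are about to appear in this driver. A short comment above the selection would record the decision, e.g. `/* ACL above is checked on vm->def; only the formatted definition depends on VIR_DOMAIN_XML_INACTIVE */`. The function body starts before the first hunk and continues past `cleanup:` outside the second, so the paths that reach `cleanup` are not fully visible here.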