From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 4 Sep 2013 22:14:30 +0000 (-0600)
Subject: libxl: Compile regular expression where it is used
X-Git-Tag: CVE-2013-4311~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e0ba0bd05769124976ceda2ad8881be1ff19afe;p=thirdparty%2Flibvirt.git

libxl: Compile regular expression where it is used

The regular expression used to determine guest capabilities
was compiled in libxlCapsInitHost() but used in libxlCapsInitGuests().
Move compilation to libxlCapsInitGuests() where it is used, and free
the compiled regex after use.  Ensure not to free the regex if
compilation fails.
---

diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index a6344769ee..d4226b818d 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -61,8 +61,7 @@ struct guest_arch {
     int ia64_be;
 };
 
-static const char *xen_cap_re = "(xen|hvm)-[[:digit:]]+\\.[[:digit:]]+-(x86_32|x86_64|ia64|powerpc64)(p|be)?";
-static regex_t xen_cap_rec;
+#define XEN_CAP_REGEX "(xen|hvm)-[[:digit:]]+\\.[[:digit:]]+-(x86_32|x86_64|ia64|powerpc64)(p|be)?"
 
 
 static virClassPtr libxlDriverConfigClass;
@@ -103,20 +102,9 @@ libxlDriverConfigDispose(void *obj)
 static int
 libxlCapsInitHost(libxl_ctx *ctx, virCapsPtr caps)
 {
-    int err;
     libxl_physinfo phy_info;
     int host_pae;
 
-    err = regcomp(&xen_cap_rec, xen_cap_re, REG_EXTENDED);
-    if (err != 0) {
-        char error[100];
-        regerror(err, &xen_cap_rec, error, sizeof(error));
-        regfree(&xen_cap_rec);
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Failed to compile regex %s"), error);
-        return -1;
-    }
-
     if (libxl_get_physinfo(ctx, &phy_info) != 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                        _("Failed to get node physical info from libxenlight"));
@@ -249,6 +237,8 @@ static int
 libxlCapsInitGuests(libxl_ctx *ctx, virCapsPtr caps)
 {
     const libxl_version_info *ver_info;
+    int err;
+    regex_t regex;
     char *str, *token;
     regmatch_t subs[4];
     char *saveptr = NULL;
@@ -265,6 +255,16 @@ libxlCapsInitGuests(libxl_ctx *ctx, virCapsPtr caps)
                        _("Failed to get version info from libxenlight"));
         return -1;
     }
+
+    err = regcomp(&regex, XEN_CAP_REGEX, REG_EXTENDED);
+    if (err != 0) {
+        char error[100];
+        regerror(err, &regex, error, sizeof(error));
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Failed to compile regex %s"), error);
+        return -1;
+    }
+
     /* Format of capabilities string is documented in the code in
      * xen-unstable.hg/xen/arch/.../setup.c.
      *
@@ -294,7 +294,7 @@ libxlCapsInitGuests(libxl_ctx *ctx, virCapsPtr caps)
          nr_guest_archs < sizeof(guest_archs) / sizeof(guest_archs[0])
                  && (token = strtok_r(str, " ", &saveptr)) != NULL;
          str = NULL) {
-        if (regexec(&xen_cap_rec, token, sizeof(subs) / sizeof(subs[0]),
+        if (regexec(&regex, token, sizeof(subs) / sizeof(subs[0]),
                     subs, 0) == 0) {
             int hvm = STRPREFIX(&token[subs[1].rm_so], "hvm");
             virArch arch;
@@ -353,6 +353,7 @@ libxlCapsInitGuests(libxl_ctx *ctx, virCapsPtr caps)
                 guest_archs[i].ia64_be = ia64_be;
         }
     }
+    regfree(&regex);
 
     for (i = 0; i < nr_guest_archs; ++i) {
         virCapsGuestPtr guest;