From: Martin Kletzander
Date: Thu, 6 Nov 2025 15:03:26 +0000 (+0100)
Subject: vz: Check ACLs before parsing the whole domain XML
X-Git-Tag: CVE-2025-12748~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7285c10a7e70c430f85af7a2b3954892ab3c6d6b;p=thirdparty%2Flibvirt.git

vz: Check ACLs before parsing the whole domain XML

Utilise the new virDomainDefIDsParseString() for that.

Fixes: CVE-2025-12748
Reported-by: Святослав Терешин
Signed-off-by: Martin Kletzander
Reviewed-by: Michal Privoznik
---

diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index 571735f940..2d8878fe7f 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -789,6 +789,15 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
 if (flags & VIR_DOMAIN_DEFINE_VALIDATE)
 parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA;
 
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+ return NULL;
+
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+ return NULL;
+
+ g_clear_pointer(&def, virDomainDefFree);
+
 if ((def = virDomainDefParseString(xml, driver->xmlopt, NULL, parse_flags)) == NULL)
 goto cleanup;
@@ -796,9 +805,6 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
 if (virXMLCheckIllegalChars("name", def->name, "\n") < 0)
 goto cleanup;
 
- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
- goto cleanup;
-
 dom = virDomainObjListFindByUUID(driver->domains, def->uuid);
 if (dom == NULL) {
 virResetLastError();
@@ -2966,9 +2972,9 @@ vzDomainMigratePrepare3Params(virConnectPtr conn,
 | VZ_MIGRATION_COOKIE_DOMAIN_NAME) < 0)
 return -1;
 
- if (!(def = virDomainDefParseString(dom_xml, driver->xmlopt,
- NULL,
- VIR_DOMAIN_DEF_PARSE_INACTIVE)))
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(dom_xml, driver->xmlopt,
+ VIR_DOMAIN_DEF_PARSE_INACTIVE)))
 return -1;
 
 if (dname) {
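Review bot: In the first hunk (vzDomainDefineXMLFlags), the new ACL-failure exit `return NULL;` after `virDomainDefineXMLFlagsEnsureACL(conn, def) < 0` leaves the function while `def` still owns the IDs-only definition, whereas the failure paths visible around it all use `goto cleanup`. The declaration of `def` and the cleanup label are outside the hunk, so this is only safe if `def` is declared `g_autoptr(virDomainDef)`; if it is a plain pointer, every denied define request leaks one definition on exactly the path an unauthorised caller reaches. Writing `goto cleanup;` on both new early exits would match the unchanged parse failure just below, which already jumps there with `def == NULL`. A one-line comment that the ACL decision uses the IDs from the first parse while the defined object comes from the second parse of the same `xml` string would also help the next reader.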
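Review bot: In the vzDomainMigratePrepare3Params hunk, `def` now comes from `virDomainDefIDsParseString()` and, unlike the define path in the first hunk, no full parse follows in the visible lines, so any later read of `def` in this function sees only the identifying fields. The rest of the body, starting at `if (dname) {`, is outside the hunk; it should be confirmed that nothing after the ACL check relies on members of `def` beyond the IDs. The added comment could state that contract directly, e.g. `/* Only the IDs are parsed: def is used for the ACL check and must not be treated as a full definition */`.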