From: Martin Kletzander Date: Thu, 6 Nov 2025 13:33:31 +0000 (+0100) Subject: conf: Add virDomainDefIDsParseString X-Git-Tag: CVE-2025-12748~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6de1e43ab6e907225b8f9bcea3772231908717e;p=thirdparty%2Flibvirt.git conf: Add virDomainDefIDsParseString This function performs only parsing with the underlying virDomainDefParseIDs() function to get needed metadata for any ACL checks, but nothing else to avoid extraneous allocations and any parser-induced DoS over ACL-forbidden connections. Signed-off-by: Martin Kletzander Reviewed-by: Michal Privoznik
---
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 396cd1c0db..d2dea6952e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -20446,6 +20446,35 @@ virDomainDefParse(const char *xmlStr,
 return virDomainDefParseNode(ctxt, xmlopt, parseOpaque, flags);
 }
 
+virDomainDef *
+virDomainDefIDsParseString(const char *xmlStr,
+ virDomainXMLOption *xmlopt,
+ unsigned int flags)
+{
+ g_autoptr(virDomainDef) def = NULL;
+ g_autoptr(xmlDoc) xml = NULL;
+ g_autoptr(xmlXPathContext) ctxt = NULL;
+ bool uuid_generated = false;
+
+ xml = virXMLParseWithIndent(NULL, xmlStr, _("(domain_definition)"),
+ "domain", &ctxt, "domain.rng", false);
+
+ if (!xml)
+ return NULL;
+
+ def = virDomainDefNew(xmlopt);
+ if (!def)
+ return NULL;
+
+ if (virDomainDefParseIDs(def, ctxt, flags, &uuid_generated) < 0)
+ return NULL;
+
+ if (uuid_generated)
+ memset(def->uuid, 0, VIR_UUID_BUFLEN);
+
+ return g_steal_pointer(&def);
+}
+
 virDomainDef *
 virDomainDefParseString(const char *xmlStr,
 virDomainXMLOption *xmlopt,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 81e735993d..11eb46ae53 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
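Review bot: virDomainDefIDsParseString() in src/conf/domain_conf.c is added without a doc comment, although its contract is what makes it safe to call before an ACL check. The comment should state that the returned virDomainDef is filled in only by virDomainDefParseIDs() and is meant for access-control checks, so callers must run the full parser once the check passes rather than reuse this object. It should also record that schema validation is deliberately skipped (the final `false` passed to virXMLParseWithIndent) and that the UUID is zeroed when `uuid_generated` is set, presumably so a policy decision is never made against a random value. One caveat worth adding: virXMLParseWithIndent still parses all of xmlStr before any ACL decision, so, as far as this hunk shows, the function bounds libvirt's own definition parsing, not the cost of the XML parse itself.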
@@ -3948,6 +3948,9 @@ virDomainDiskDef *virDomainDiskDefParse(const char *xmlStr,
 virStorageSource *virDomainDiskDefParseSource(const char *xmlStr,
 virDomainXMLOption *xmlopt,
 unsigned int flags);
+virDomainDef * virDomainDefIDsParseString(const char *xmlStr,
+ virDomainXMLOption *xmlopt,
+ unsigned int flags);
 virDomainDef *virDomainDefParseString(const char *xmlStr,
 virDomainXMLOption *xmlopt,
 void *parseOpaque,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 7269dd3786..fb482fff40 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -352,6 +352,7 @@ virDomainDefHasTimer;
 virDomainDefHasUSB;
 virDomainDefHasVcpusOffline;
 virDomainDefHasVDPANet;
+virDomainDefIDsParseString;
 virDomainDefLifecycleActionAllowed;
 virDomainDefMaybeAddController;
 virDomainDefMaybeAddInput;
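Review bot: The new prototype in src/conf/domain_conf.h is written `virDomainDef * virDomainDefIDsParseString(` with a space after the `*`, while the declarations on either side of it use `virStorageSource *virDomainDiskDefParseSource(` and `virDomainDef *virDomainDefParseString(`. Dropping that space, and re-aligning the two continuation lines to match, keeps the declaration consistent with its neighbours.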