From nobody Mon May  6 12:22:51 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.24
 as permitted sender) client-ip=209.132.183.24;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx3-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.24 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com [209.132.183.24]) by
 mx.zohomail.com
	with SMTPS id 1486041464498215.0862133405509;
 Thu, 2 Feb 2017 05:17:44 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v12DEJUU030841;
	Thu, 2 Feb 2017 08:14:19 -0500
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v12DEI3S015660 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 2 Feb 2017 08:14:18 -0500
Received: from caroline.brq.redhat.com (dhcp129-198.brq.redhat.com
	[10.34.129.198])
	by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v12DEHuq001958
	for <libvir-list@redhat.com>; Thu, 2 Feb 2017 08:14:17 -0500
From: Martin Kletzander <mkletzan@redhat.com>
To: libvir-list@redhat.com
Date: Thu,  2 Feb 2017 14:14:14 +0100
Message-Id: 
 <2ee47f7dc23c1d4b1ba2bea41211fff518bbfa85.1486041254.git.mkletzan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH] qemu: Forbid slashes in shmem name
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

With that users could access files outside /dev/shm.  That itself
isn't a security problem, but might cause some errors we want to
avoid.  So let's forbid slashes as we do with domain and volume names
and also mention that in the schema.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1395496

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
 docs/schemas/domaincommon.rng |  6 +++++-
 src/qemu/qemu_process.c       | 23 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index cc6e0d0c0d65..00cdc93bca59 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3598,7 +3598,11 @@

   <define name=3D"shmem">
     <element name=3D"shmem">
-      <attribute name=3D"name"/>
+      <attribute name=3D"name">
+        <data type=3D"string">
+          <param name=3D"pattern">[^/]*</param>
+        </data>
+      </attribute>
       <interleave>
         <optional>
           <element name=3D"model">
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 184440dc1af6..0f63668100a6 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4586,6 +4586,26 @@ qemuProcessStartValidateVideo(virDomainObjPtr vm,


 static int
+qemuProcessStartValidateShmem(virDomainObjPtr vm)
+{
+    size_t i;
+
+    for (i =3D 0; i < vm->def->nshmems; i++) {
+        virDomainShmemDefPtr shmem =3D vm->def->shmems[i];
+
+        if (strchr(shmem->name, '/')) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("shmem name '%s' must not contain '/'"),
+                           shmem->name);
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+
+static int
 qemuProcessStartValidateXML(virQEMUDriverPtr driver,
                             virDomainObjPtr vm,
                             virQEMUCapsPtr qemuCaps,
@@ -4661,6 +4681,9 @@ qemuProcessStartValidate(virQEMUDriverPtr driver,
     if (qemuProcessStartValidateVideo(vm, qemuCaps) < 0)
         return -1;

+    if (qemuProcessStartValidateShmem(vm) < 0)
+        return -1;
+
     VIR_DEBUG("Checking for any possible (non-fatal) issues");

     qemuProcessStartWarnShmem(vm);
--=20
2.11.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list