From: Martin Kletzander <mkletzan@redhat.com>
Utilise the new virDomainDefIDsParseString() for that.
Fixes: CVE-2025-12748
Reported-by: Святослав Терешин <s.tereshin@fobos-nt.ru>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
src/libxl/libxl_driver.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 107477250ab8..0cdeec08bedc 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -1027,13 +1027,18 @@ libxlDomainCreateXML(virConnectPtr conn, const char *xml,
if (flags & VIR_DOMAIN_START_VALIDATE)
parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA;
- if (!(def = virDomainDefParseString(xml, driver->xmlopt,
- NULL, parse_flags)))
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
goto cleanup;
if (virDomainCreateXMLEnsureACL(conn, def) < 0)
goto cleanup;
+ g_clear_pointer(&def, virObjectUnref);
+
+ if (!(def = virDomainDefParseString(xml, driver->xmlopt,
+ NULL, parse_flags)))
+ goto cleanup;
+
if (!(vm = virDomainObjListAdd(driver->domains, &def,
driver->xmlopt,
VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
@@ -2813,6 +2818,14 @@ libxlDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flag
if (flags & VIR_DOMAIN_DEFINE_VALIDATE)
parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA;
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+ goto cleanup;
+
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+ goto cleanup;
+
+ g_clear_pointer(&def, virObjectUnref);
+
if (!(def = virDomainDefParseString(xml, driver->xmlopt,
NULL, parse_flags)))
goto cleanup;
@@ -2820,9 +2833,6 @@ libxlDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flag
if (virXMLCheckIllegalChars("name", def->name, "\n") < 0)
goto cleanup;
- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
- goto cleanup;
-
if (!(vm = virDomainObjListAdd(driver->domains, &def,
driver->xmlopt,
0,
--
2.51.2