From: Martin Kletzander <mkletzan@redhat.com>
Utilise the new virDomainDefIDsParseString() for that.
Fixes: CVE-2025-12748
Reported-by: Святослав Терешин <s.tereshin@fobos-nt.ru>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
src/lxc/lxc_driver.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 80cf07d2e5ff..0564f3e5332e 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -409,6 +409,15 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
if (!(caps = virLXCDriverGetCapabilities(driver, false)))
goto cleanup;
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+ goto cleanup;
+
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+ goto cleanup;
+
+ g_clear_pointer(&def, virObjectUnref);
+
if (!(def = virDomainDefParseString(xml, driver->xmlopt,
NULL, parse_flags)))
goto cleanup;
@@ -416,9 +425,6 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
if (virXMLCheckIllegalChars("name", def->name, "\n") < 0)
goto cleanup;
- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
- goto cleanup;
-
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
@@ -1066,13 +1072,19 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
if (!(caps = virLXCDriverGetCapabilities(driver, false)))
goto cleanup;
- if (!(def = virDomainDefParseString(xml, driver->xmlopt,
- NULL, parse_flags)))
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
goto cleanup;
if (virDomainCreateXMLWithFilesEnsureACL(conn, def) < 0)
goto cleanup;
+ g_clear_pointer(&def, virObjectUnref);
+
+ if (!(def = virDomainDefParseString(xml, driver->xmlopt,
+ NULL, parse_flags)))
+ goto cleanup;
+
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
--
2.51.2