From: Martin Kletzander <mkletzan@redhat.com>
Utilise the new virDomainDefIDsParseString() for that.
Fixes: CVE-2025-12748
Reported-by: Святослав Терешин <s.tereshin@fobos-nt.ru>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
src/vz/vz_driver.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index 571735f94054..9fd9b199cd01 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -789,6 +789,15 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
if (flags & VIR_DOMAIN_DEFINE_VALIDATE)
parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA;
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+ return NULL;
+
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+ return NULL;
+
+ g_clear_pointer(&def, virObjectUnref);
+
if ((def = virDomainDefParseString(xml, driver->xmlopt,
NULL, parse_flags)) == NULL)
goto cleanup;
@@ -796,9 +805,6 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
if (virXMLCheckIllegalChars("name", def->name, "\n") < 0)
goto cleanup;
- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
- goto cleanup;
-
dom = virDomainObjListFindByUUID(driver->domains, def->uuid);
if (dom == NULL) {
virResetLastError();
@@ -2966,9 +2972,9 @@ vzDomainMigratePrepare3Params(virConnectPtr conn,
| VZ_MIGRATION_COOKIE_DOMAIN_NAME) < 0)
return -1;
- if (!(def = virDomainDefParseString(dom_xml, driver->xmlopt,
- NULL,
- VIR_DOMAIN_DEF_PARSE_INACTIVE)))
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(dom_xml, driver->xmlopt,
+ VIR_DOMAIN_DEF_PARSE_INACTIVE)))
return -1;
if (dname) {
--
2.51.2