lxc: Check ACLs before parsing the whole domain XML

Utilise the new virDomainDefIDsParseString() for that. Fixes: CVE-2025-12748 Reported-by: Святослав Терешин <s.tereshin@fobos-nt.ru> Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2025-12-06 00:24:43 +03:00 · 2025-11-06 15:49:01 +01:00
parent a1f48bca07
commit a6dcfee896
1 changed files with 17 additions and 5 deletions
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -409,6 +409,15 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
    if (!(caps = virLXCDriverGetCapabilities(driver, false)))
        goto cleanup;

+    /* Avoid parsing the whole domain definition for ACL checks */
+    if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+        goto cleanup;
+
+    if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+        goto cleanup;
+
+    g_clear_pointer(&def, virDomainDefFree);
+
    if (!(def = virDomainDefParseString(xml, driver->xmlopt,
                                        NULL, parse_flags)))
        goto cleanup;
@@ -416,9 +425,6 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
    if (virXMLCheckIllegalChars("name", def->name, "\n") < 0)
        goto cleanup;

-    if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
-        goto cleanup;
-
    if (virSecurityManagerVerify(driver->securityManager, def) < 0)
        goto cleanup;

@@ -1066,13 +1072,19 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
    if (!(caps = virLXCDriverGetCapabilities(driver, false)))
        goto cleanup;

-    if (!(def = virDomainDefParseString(xml, driver->xmlopt,
-                                        NULL, parse_flags)))
+    /* Avoid parsing the whole domain definition for ACL checks */
+    if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
        goto cleanup;

    if (virDomainCreateXMLWithFilesEnsureACL(conn, def) < 0)
        goto cleanup;

+    g_clear_pointer(&def, virDomainDefFree);
+
+    if (!(def = virDomainDefParseString(xml, driver->xmlopt,
+                                        NULL, parse_flags)))
+        goto cleanup;
+
    if (virSecurityManagerVerify(driver->securityManager, def) < 0)
        goto cleanup;