From 1b0caedb72fd819154d40199eec2f97b85252c99 Mon Sep 17 00:00:00 2001
From: Kristina Hanicova <khanicov@redhat.com>
Date: Fri, 20 Aug 2021 13:57:08 +0200
Subject: [PATCH] nwfilter_conf: add validation against schema in define

This patch also includes propagation of flags into the
virNWFilterDefParse().

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/conf/nwfilter_conf.c       | 13 ++++++++-----
 src/conf/nwfilter_conf.h       |  3 ++-
 src/nwfilter/nwfilter_driver.c |  2 +-
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index 7d491e27b1..a3109962af 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2739,12 +2739,14 @@ virNWFilterDefParseNode(xmlDocPtr xml,
 
 static virNWFilterDef *
 virNWFilterDefParse(const char *xmlStr,
-                    const char *filename)
+                    const char *filename,
+                    unsigned int flags)
 {
     virNWFilterDef *def = NULL;
     g_autoptr(xmlDoc) xml = NULL;
 
-    if ((xml = virXMLParse(filename, xmlStr, _("(nwfilter_definition)"), NULL, false))) {
+    if ((xml = virXMLParse(filename, xmlStr, _("(nwfilter_definition)"), "nwfilter.rng",
+                           flags & VIR_NWFILTER_DEFINE_VALIDATE))) {
         def = virNWFilterDefParseNode(xml, xmlDocGetRootElement(xml));
     }
 
@@ -2753,16 +2755,17 @@ virNWFilterDefParse(const char *xmlStr,
 
 
 virNWFilterDef *
-virNWFilterDefParseString(const char *xmlStr)
+virNWFilterDefParseString(const char *xmlStr,
+                          unsigned int flags)
 {
-    return virNWFilterDefParse(xmlStr, NULL);
+    return virNWFilterDefParse(xmlStr, NULL, flags);
 }
 
 
 virNWFilterDef *
 virNWFilterDefParseFile(const char *filename)
 {
-    return virNWFilterDefParse(NULL, filename);
+    return virNWFilterDefParse(NULL, filename, 0);
 }
 
 
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 8d5684eb4e..bbe12284a5 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -546,7 +546,8 @@ virNWFilterSaveConfig(const char *configDir,
                       virNWFilterDef *def);
 
 virNWFilterDef *
-virNWFilterDefParseString(const char *xml);
+virNWFilterDefParseString(const char *xml,
+                          unsigned int flags);
 
 virNWFilterDef *
 virNWFilterDefParseFile(const char *filename);
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 25391c9adf..665a962f4a 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -547,7 +547,7 @@ nwfilterDefineXMLFlags(virConnectPtr conn,
     nwfilterDriverLock();
     virNWFilterWriteLockFilterUpdates();
 
-    if (!(def = virNWFilterDefParseString(xml)))
+    if (!(def = virNWFilterDefParseString(xml, 0)))
         goto cleanup;
 
     if (virNWFilterDefineXMLFlagsEnsureACL(conn, def) < 0)