qemu: Forbid slashes in shmem name

With that users could access files outside /dev/shm. That itself isn't a security problem, but might cause some errors we want to avoid. So let's forbid slashes as we do with domain and volume names and also mention that in the schema. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1395496 Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2024-07-11 04:15:49 +00:00 · 2017-02-01 17:14:00 +01:00 · 2017-02-01 17:14:00 +01:00 · 1c06d0faba
commit 1c06d0faba
parent e441de669f
2 changed files with 27 additions and 1 deletions
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@ -3633,7 +3633,11 @@

  <define name="shmem">
    <element name="shmem">
-      <attribute name="name"/>
+      <attribute name="name">
+        <data type="string">
+          <param name="pattern">[^/]*</param>
+        </data>
+      </attribute>
      <interleave>
        <optional>
          <element name="model">
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@ -4589,6 +4589,25 @@ qemuProcessStartValidateIOThreads(virDomainObjPtr vm,
 }


+qemuProcessStartValidateShmem(virDomainObjPtr vm)
+{
+    size_t i;
+
+    for (i = 0; i < vm->def->nshmems; i++) {
+        virDomainShmemDefPtr shmem = vm->def->shmems[i];
+
+        if (strchr(shmem->name, '/')) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("shmem name '%s' must not contain '/'"),
+                           shmem->name);
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+
 static int
 qemuProcessStartValidateXML(virQEMUDriverPtr driver,
                            virDomainObjPtr vm,
@ -4668,6 +4687,9 @@ qemuProcessStartValidate(virQEMUDriverPtr driver,
    if (qemuProcessStartValidateIOThreads(vm, qemuCaps) < 0)
        return -1;

+    if (qemuProcessStartValidateShmem(vm) < 0)
+        return -1;
+
    VIR_DEBUG("Checking for any possible (non-fatal) issues");

    qemuProcessStartWarnShmem(vm);