Don't ignore errors parsing nwfilter rules

For inexplicable reasons, the nwfilter XML parser is intentionally ignoring errors that arise during parsing. As well as meaning that users don't get any feedback on their XML mistakes, this will lead it to silently drop data in OOM conditions. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 4f2094346d)
2025-01-03 11:35:19 +00:00 · 2013-09-25 15:26:58 +01:00 · 2013-09-25 15:26:58 +01:00 · d48b2398d6
commit d48b2398d6
parent 9b1e050856
2 changed files with 14 additions and 16 deletions
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@ -2377,9 +2377,7 @@ virNWFilterRuleParse(xmlNodePtr node)
                    if (virNWFilterRuleDetailsParse(cur,
                                                    ret,
                                                    virAttr[i].att) < 0) {
-                        /* we ignore malformed rules
-                           goto err_exit;
-                        */
+                        goto err_exit;
                    }
                    break;
                }
@ -2587,11 +2585,13 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
                goto cleanup;
            }

-            /* ignore malformed rule and include elements */
-            if (xmlStrEqual(curr->name, BAD_CAST "rule"))
-                entry->rule = virNWFilterRuleParse(curr);
-            else if (xmlStrEqual(curr->name, BAD_CAST "filterref"))
-                entry->include = virNWFilterIncludeParse(curr);
+            if (xmlStrEqual(curr->name, BAD_CAST "rule")) {
+                if (!(entry->rule = virNWFilterRuleParse(curr)))
+                    goto cleanup;
+            } else if (xmlStrEqual(curr->name, BAD_CAST "filterref")) {
+                if (!(entry->include = virNWFilterIncludeParse(curr)))
+                    goto cleanup;
+            }

            if (entry->rule || entry->include) {
                if (VIR_REALLOC_N(ret->filterEntries, ret->nentries+1) < 0) {
--- a/tests/nwfilterxml2xmltest.c
+++ b/tests/nwfilterxml2xmltest.c
@ -33,15 +33,12 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml,

    virResetLastError();

-    if (!(dev = virNWFilterDefParseString(NULL, inXmlData)))
+    if (!(dev = virNWFilterDefParseString(NULL, inXmlData))) {
+        if (expect_error) {
+            virResetLastError();
+            goto done;
+        }
        goto fail;
-
-    if (!!virGetLastError() != expect_error)
-        goto fail;
-
-    if (expect_error) {
-        /* need to suppress the errors */
-        virResetLastError();
    }

    if (!(actual = virNWFilterDefFormat(dev)))
@ -52,6 +49,7 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml,
        goto fail;
    }

+ done:
    ret = 0;

 fail: