vbox_snapshot_conf: Parse XMLs without net access

When working with VirtualBox's snapshots, the snapshot XML is
firstly parsed, stored in memory (with some parts being stored as
verbatim XML snippets, strings), requested changes are made and
then this modified XML is formatted via
virVBoxSnapshotConfSaveVboxFile() which calls
xmlParseInNodeContext() to format those previously stored XML
snippets.

The first parse of whole VirtualBox snapshot file is done using
virXMLParse() (in virVBoxSnapshotConfLoadVboxFile()) and thus
with XML_PARSE_NONET specified.

But those ad-hoc parsings when formatting the XML back pass zero
flags mask: xmlParseInNodeContext(..., options = 0, ...);

This is potentially dangerous.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Michal Privoznik 2023-11-20 04:49:53 +01:00
parent b31380c758
commit d8cb1cd50c

View File

@ -369,6 +369,7 @@ virVBoxSnapshotConfSerializeSnapshot(xmlNodePtr node,
int firstRegexResult = 0; int firstRegexResult = 0;
g_auto(GStrv) secondRegex = NULL; g_auto(GStrv) secondRegex = NULL;
int secondRegexResult = 0; int secondRegexResult = 0;
const int parseFlags = XML_PARSE_NONET;
uuid = g_strdup_printf("{%s}", snapshot->uuid); uuid = g_strdup_printf("{%s}", snapshot->uuid);
@ -406,7 +407,7 @@ virVBoxSnapshotConfSerializeSnapshot(xmlNodePtr node,
parseError = xmlParseInNodeContext(node, parseError = xmlParseInNodeContext(node,
snapshot->hardware, snapshot->hardware,
(int)strlen(snapshot->hardware), (int)strlen(snapshot->hardware),
0, parseFlags,
&hardwareNode); &hardwareNode);
if (parseError != XML_ERR_OK) { if (parseError != XML_ERR_OK) {
virReportError(VIR_ERR_XML_ERROR, "%s", virReportError(VIR_ERR_XML_ERROR, "%s",
@ -418,7 +419,7 @@ virVBoxSnapshotConfSerializeSnapshot(xmlNodePtr node,
/* storageController */ /* storageController */
if (xmlParseInNodeContext(node, snapshot->storageController, if (xmlParseInNodeContext(node, snapshot->storageController,
(int)strlen(snapshot->storageController), (int)strlen(snapshot->storageController),
0, parseFlags,
&storageControllerNode) != XML_ERR_OK) { &storageControllerNode) != XML_ERR_OK) {
virReportError(VIR_ERR_XML_ERROR, "%s", virReportError(VIR_ERR_XML_ERROR, "%s",
_("Unable to add the snapshot storageController")); _("Unable to add the snapshot storageController"));
@ -944,6 +945,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
int firstRegexResult = 0; int firstRegexResult = 0;
g_auto(GStrv) secondRegex = NULL; g_auto(GStrv) secondRegex = NULL;
int secondRegexResult = 0; int secondRegexResult = 0;
const int parseFlags = XML_PARSE_NONET;
if (machine == NULL) { if (machine == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -1051,7 +1053,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
parseError = xmlParseInNodeContext(mediaRegistryNode, parseError = xmlParseInNodeContext(mediaRegistryNode,
machine->mediaRegistry->otherMedia[i], machine->mediaRegistry->otherMedia[i],
(int)strlen(machine->mediaRegistry->otherMedia[i]), (int)strlen(machine->mediaRegistry->otherMedia[i]),
0, parseFlags,
&cur); &cur);
if (parseError != XML_ERR_OK) { if (parseError != XML_ERR_OK) {
virReportError(VIR_ERR_XML_ERROR, "%s", virReportError(VIR_ERR_XML_ERROR, "%s",
@ -1071,7 +1073,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
parseError = xmlParseInNodeContext(machineNode, parseError = xmlParseInNodeContext(machineNode,
machine->hardware, machine->hardware,
(int)strlen(machine->hardware), (int)strlen(machine->hardware),
0, parseFlags,
&cur); &cur);
if (parseError != XML_ERR_OK) { if (parseError != XML_ERR_OK) {
virReportError(VIR_ERR_XML_ERROR, "%s", virReportError(VIR_ERR_XML_ERROR, "%s",
@ -1084,7 +1086,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
parseError = xmlParseInNodeContext(xmlDocGetRootElement(xml), parseError = xmlParseInNodeContext(xmlDocGetRootElement(xml),
machine->extraData, machine->extraData,
(int)strlen(machine->extraData), (int)strlen(machine->extraData),
0, parseFlags,
&cur); &cur);
if (parseError != XML_ERR_OK) { if (parseError != XML_ERR_OK) {
virReportError(VIR_ERR_XML_ERROR, "%s", virReportError(VIR_ERR_XML_ERROR, "%s",
@ -1097,7 +1099,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
parseError = xmlParseInNodeContext(machineNode, parseError = xmlParseInNodeContext(machineNode,
machine->storageController, machine->storageController,
(int)strlen(machine->storageController), (int)strlen(machine->storageController),
0, parseFlags,
&cur); &cur);
if (parseError != XML_ERR_OK) { if (parseError != XML_ERR_OK) {
virReportError(VIR_ERR_XML_ERROR, "%s", virReportError(VIR_ERR_XML_ERROR, "%s",