|
 |
80a318 |
From 982184d57fff654c1cccf0d4a4a5d1631058819d Mon Sep 17 00:00:00 2001
|
|
|
80a318 |
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
80a318 |
Date: Mon, 20 Nov 2023 04:49:53 +0100
|
|
|
f8539f |
Subject: [PATCH 2/8] vbox_snapshot_conf: Parse XMLs without net access
|
|
|
80a318 |
MIME-Version: 1.0
|
|
|
80a318 |
Content-Type: text/plain; charset=UTF-8
|
|
|
80a318 |
Content-Transfer-Encoding: 8bit
|
|
|
80a318 |
|
|
|
80a318 |
When working with VirtualBox's snapshots, the snapshot XML is
|
|
|
80a318 |
firstly parsed, stored in memory (with some parts being stored as
|
|
|
80a318 |
verbatim XML snippets, strings), requested changes are made and
|
|
|
80a318 |
then this modified XML is formatted via
|
|
|
80a318 |
virVBoxSnapshotConfSaveVboxFile() which calls
|
|
|
80a318 |
xmlParseInNodeContext() to format those previously stored XML
|
|
|
80a318 |
snippets.
|
|
|
80a318 |
|
|
|
80a318 |
The first parse of whole VirtualBox snapshot file is done using
|
|
|
80a318 |
virXMLParse() (in virVBoxSnapshotConfLoadVboxFile()) and thus
|
|
|
80a318 |
with XML_PARSE_NONET specified.
|
|
|
80a318 |
|
|
|
80a318 |
But those ad-hoc parsings when formatting the XML back pass zero
|
|
|
80a318 |
flags mask: xmlParseInNodeContext(..., options = 0, ...);
|
|
|
80a318 |
|
|
|
80a318 |
This is potentially dangerous.
|
|
|
80a318 |
|
|
|
80a318 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
80a318 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
80a318 |
(cherry picked from commit d8cb1cd50c608eb647fcb17c4347a2e9d5004e8d)
|
|
|
80a318 |
---
|
|
|
80a318 |
src/vbox/vbox_snapshot_conf.c | 14 ++++++++------
|
|
|
80a318 |
1 file changed, 8 insertions(+), 6 deletions(-)
|
|
|
80a318 |
|
|
|
80a318 |
diff --git a/src/vbox/vbox_snapshot_conf.c b/src/vbox/vbox_snapshot_conf.c
|
|
|
80a318 |
index 84f7aceac2..467255f77f 100644
|
|
|
80a318 |
--- a/src/vbox/vbox_snapshot_conf.c
|
|
|
80a318 |
+++ b/src/vbox/vbox_snapshot_conf.c
|
|
|
80a318 |
@@ -369,6 +369,7 @@ virVBoxSnapshotConfSerializeSnapshot(xmlNodePtr node,
|
|
|
80a318 |
int firstRegexResult = 0;
|
|
|
80a318 |
g_auto(GStrv) secondRegex = NULL;
|
|
|
80a318 |
int secondRegexResult = 0;
|
|
|
80a318 |
+ const int parseFlags = XML_PARSE_NONET;
|
|
|
80a318 |
|
|
|
80a318 |
uuid = g_strdup_printf("{%s}", snapshot->uuid);
|
|
|
80a318 |
|
|
|
80a318 |
@@ -406,7 +407,7 @@ virVBoxSnapshotConfSerializeSnapshot(xmlNodePtr node,
|
|
|
80a318 |
parseError = xmlParseInNodeContext(node,
|
|
|
80a318 |
snapshot->hardware,
|
|
|
80a318 |
(int)strlen(snapshot->hardware),
|
|
|
80a318 |
- 0,
|
|
|
80a318 |
+ parseFlags,
|
|
|
80a318 |
&hardwareNode);
|
|
|
80a318 |
if (parseError != XML_ERR_OK) {
|
|
|
80a318 |
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
80a318 |
@@ -418,7 +419,7 @@ virVBoxSnapshotConfSerializeSnapshot(xmlNodePtr node,
|
|
|
80a318 |
/* storageController */
|
|
|
80a318 |
if (xmlParseInNodeContext(node, snapshot->storageController,
|
|
|
80a318 |
(int)strlen(snapshot->storageController),
|
|
|
80a318 |
- 0,
|
|
|
80a318 |
+ parseFlags,
|
|
|
80a318 |
&storageControllerNode) != XML_ERR_OK) {
|
|
|
80a318 |
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
80a318 |
_("Unable to add the snapshot storageController"));
|
|
|
80a318 |
@@ -944,6 +945,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
|
|
|
80a318 |
int firstRegexResult = 0;
|
|
|
80a318 |
g_auto(GStrv) secondRegex = NULL;
|
|
|
80a318 |
int secondRegexResult = 0;
|
|
|
80a318 |
+ const int parseFlags = XML_PARSE_NONET;
|
|
|
80a318 |
|
|
|
80a318 |
if (machine == NULL) {
|
|
|
80a318 |
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
80a318 |
@@ -1051,7 +1053,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
|
|
|
80a318 |
parseError = xmlParseInNodeContext(mediaRegistryNode,
|
|
|
80a318 |
machine->mediaRegistry->otherMedia[i],
|
|
|
80a318 |
(int)strlen(machine->mediaRegistry->otherMedia[i]),
|
|
|
80a318 |
- 0,
|
|
|
80a318 |
+ parseFlags,
|
|
|
80a318 |
&cur);
|
|
|
80a318 |
if (parseError != XML_ERR_OK) {
|
|
|
80a318 |
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
80a318 |
@@ -1071,7 +1073,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
|
|
|
80a318 |
parseError = xmlParseInNodeContext(machineNode,
|
|
|
80a318 |
machine->hardware,
|
|
|
80a318 |
(int)strlen(machine->hardware),
|
|
|
80a318 |
- 0,
|
|
|
80a318 |
+ parseFlags,
|
|
|
80a318 |
&cur);
|
|
|
80a318 |
if (parseError != XML_ERR_OK) {
|
|
|
80a318 |
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
80a318 |
@@ -1084,7 +1086,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
|
|
|
80a318 |
parseError = xmlParseInNodeContext(xmlDocGetRootElement(xml),
|
|
|
80a318 |
machine->extraData,
|
|
|
80a318 |
(int)strlen(machine->extraData),
|
|
|
80a318 |
- 0,
|
|
|
80a318 |
+ parseFlags,
|
|
|
80a318 |
&cur);
|
|
|
80a318 |
if (parseError != XML_ERR_OK) {
|
|
|
80a318 |
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
80a318 |
@@ -1097,7 +1099,7 @@ virVBoxSnapshotConfSaveVboxFile(virVBoxSnapshotConfMachine *machine,
|
|
|
80a318 |
parseError = xmlParseInNodeContext(machineNode,
|
|
|
80a318 |
machine->storageController,
|
|
|
80a318 |
(int)strlen(machine->storageController),
|
|
|
80a318 |
- 0,
|
|
|
80a318 |
+ parseFlags,
|
|
|
80a318 |
&cur);
|
|
|
80a318 |
if (parseError != XML_ERR_OK) {
|
|
|
80a318 |
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
80a318 |
--
|
|
|
80a318 |
2.43.0
|
|
|
80a318 |
|