https://bugzilla.redhat.com/show_bug.cgi?id=1107420 Add a new define/create flag VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID to disallow new secrets to be defined/created using a usage id comprised entirely of spaces. Alter the secretxml2xmltest to add a parse failure scenario and a test in order to prove the failure occurs. Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> --- src/conf/secret_conf.c | 10 ++++++- src/conf/secret_conf.h | 7 +++++ src/secret/secret_driver.c | 3 +- .../usage-whitespace-invalid.xml | 7 +++++ tests/secretxml2xmltest.c | 30 +++++++++++++++---- 5 files changed, 49 insertions(+), 8 deletions(-) create mode 100644 tests/secretxml2xmlin/usage-whitespace-invalid.xml diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c index d98a4f2442..9a77327014 100644 --- a/src/conf/secret_conf.c +++ b/src/conf/secret_conf.c @@ -130,7 +130,7 @@ virSecretDefParseXML(xmlXPathContextPtr ctxt, char *prop = NULL; char *uuidstr = NULL; - virCheckFlags(0, NULL); + virCheckFlags(VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID, NULL); if (VIR_ALLOC(def) < 0) goto cleanup; @@ -183,6 +183,14 @@ virSecretDefParseXML(xmlXPathContextPtr ctxt, if (virXPathNode("./usage", ctxt) != NULL && virSecretDefParseUsage(ctxt, def) < 0) goto cleanup; + + if (def->usage_id && (flags & VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID) && + virStringIsEmpty(def->usage_id)) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("usage name must contain at least one non blank character")); + goto cleanup; + } + VIR_STEAL_PTR(ret, def); cleanup: diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h index 2a19629f54..b7aa70d785 100644 --- a/src/conf/secret_conf.h +++ b/src/conf/secret_conf.h 
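Review bot: In the block added by the second virSecretDefParseXML hunk, the `def->usage_id &&` guard carries meaning that is not written down. virStringIsEmpty() returns true for NULL, so dropping the guard would presumably reject every secret parsed without a usage id. A one-line comment above the condition would protect it, e.g. `/* a NULL usage_id is allowed; reject only an all-whitespace one */`. The error text also says "usage name" and "non blank" where the flag and the commit message speak of a usage id; unless "name" is meant to mirror the XML element, `_("usage id must contain at least one non-blank character")` would be consistent. The function starts and ends outside the hunk.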
@@ -39,6 +39,13 @@ struct _virSecretDef { void virSecretDefFree(virSecretDefPtr def); +typedef enum { + /* Perform extra name validation on new secret usage ids which + * will cause failure to parse the XML. Initially just that a + * name cannot be all white space. */ + VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID = 1 << 0, +} virSecretDefParseFlags; + virSecretDefPtr virSecretDefParseString(const char *xml, unsigned int flags); diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 5e1f82a314..2a66481d37 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -215,10 +215,11 @@ secretDefineXML(virConnectPtr conn, virSecretDefPtr backup = NULL; virSecretDefPtr def; virObjectEventPtr event = NULL; + unsigned int parse_flags = VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID; virCheckFlags(0, NULL); - if (!(def = virSecretDefParseString(xml, 0))) + if (!(def = virSecretDefParseString(xml, parse_flags))) return NULL; if (virSecretDefineXMLEnsureACL(conn, def) < 0) diff --git a/tests/secretxml2xmlin/usage-whitespace-invalid.xml b/tests/secretxml2xmlin/usage-whitespace-invalid.xml new file mode 100644 index 0000000000..7611bd53d1 --- /dev/null +++ b/tests/secretxml2xmlin/usage-whitespace-invalid.xml @@ -0,0 +1,7 @@ +<secret ephemeral='no' private='yes'> + <uuid>f52a81b2-424e-490c-823d-6bd4235bc572</uuid> + <description>Ceph secret</description> + <usage type='ceph'> + <name> </name> + </usage> +</secret> diff --git a/tests/secretxml2xmltest.c b/tests/secretxml2xmltest.c index 573edd6012..3c624d8319 100644 --- a/tests/secretxml2xmltest.c +++ b/tests/secretxml2xmltest.c 
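Review bot: The comment on VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID in the secret_conf.h hunk does not say which callers are expected to pass it, and because the validation is opt-in, any caller that passes 0 gets none. Judging by the commit message, the intent is that only the define/create path sets it, so that previously stored secrets still parse. Saying so in the comment would make the contract explicit for the next caller, e.g. `* Set only when defining a new secret; leave unset when loading existing definitions. */`. The comment also speaks of a "name" while the flag is about the usage id.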
@@ -9,14 +9,24 @@
 #define VIR_FROM_THIS VIR_FROM_NONE
 
 static int
-testCompareXMLToXMLFiles(const char *inxml, const char *outxml)
+testCompareXMLToXMLFiles(const char *inxml,
+ const char *outxml,
+ bool expect_parse_fail)
 {
 char *actual = NULL;
 int ret = -1;
 virSecretDefPtr secret = NULL;
-
- if (!(secret = virSecretDefParseFile(inxml, 0)))
+ unsigned int parse_flags = VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID;
+
+ if (!(secret = virSecretDefParseFile(inxml, parse_flags))) {
+ if (expect_parse_fail) {
+ VIR_TEST_DEBUG("Got expected parse failure msg='%s'",
+ virGetLastErrorMessage());
+ virResetLastError();
+ ret = 0;
+ }
 goto fail;
+ }
 
 if (!(actual = virSecretDefFormat(secret)))
 goto fail;
@@ -35,6 +45,7 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml)
 struct testInfo {
 const char *name;
 bool different;
+ bool expect_fail;
 };
 
 static int
@@ -54,7 +65,7 @@ testCompareXMLToXMLHelper(const void *data)
 goto cleanup;
 }
 
- result = testCompareXMLToXMLFiles(inxml, outxml);
+ result = testCompareXMLToXMLFiles(inxml, outxml, info->expect_fail);
 
 cleanup:
 VIR_FREE(inxml);
@@ -68,19 +79,26 @@ mymain(void)
 {
 int ret = 0;
 
-#define DO_TEST(name) \
+#define DO_TEST_FULL(name, different, parse_fail) \
 do { \
- const struct testInfo info = {name, false}; \
+ const struct testInfo info = {name, different, parse_fail}; \
 if (virTestRun("Secret XML->XML " name, \
 testCompareXMLToXMLHelper, &info) < 0) \
 ret = -1; \
 } while (0)
 
+#define DO_TEST(name) \
+ DO_TEST_FULL(name, false, false)
+
+#define DO_TEST_PARSE_FAIL(name) \
+ DO_TEST_FULL(name, false, true)
+
 DO_TEST("ephemeral-usage-volume");
 DO_TEST("usage-volume");
 DO_TEST("usage-ceph");
 DO_TEST("usage-iscsi");
 DO_TEST("usage-tls");
+ DO_TEST_PARSE_FAIL("usage-whitespace-invalid");
 
 return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
 }
-- 
2.17.1
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
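Review bot: When `expect_parse_fail` is true and virSecretDefParseFile() unexpectedly succeeds, nothing in the first hunk fails the test. Control falls through to the format and compare steps, so the negative case fails only if the later comparison happens to; the rest of the function is outside the hunk. DO_TEST_PARSE_FAIL passes `different` as false, so if the helper then compares against the input file itself, a regression in the whitespace check could go unnoticed. Adding `if (expect_parse_fail) goto fail;` directly after the parse block, where `ret` is still -1, closes the gap. The expected-failure branch also accepts any parse error rather than the usage-id one specifically, which a short comment there could acknowledge.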