https://bugzilla.redhat.com/show_bug.cgi?id=1107420 Add a new define/create flag VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME to disallow new nwfilters to be defined/created using a name comprised entirely of spaces. Alter the nwfilterxml2xmltest to add a test in order to prove the failure occurs.
Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 src/conf/nwfilter_conf.c | 9 ++++++++-
 src/conf/nwfilter_conf.h | 7 +++++++
 src/nwfilter/nwfilter_driver.c | 3 ++-
 tests/nwfilterxml2xmlin/name-whitespace-invalid.xml | 4 ++++
 tests/nwfilterxml2xmltest.c | 7 ++++++-
 5 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 tests/nwfilterxml2xmlin/name-whitespace-invalid.xml
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index c1867fb946..4f99f88dca 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2614,7 +2614,7 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt,
 int chain_priority;
 const char *name_prefix;
- virCheckFlags(0, NULL);
+ virCheckFlags(VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME, NULL);
 if (VIR_ALLOC(ret) < 0)
 return NULL;
@@ -2626,6 +2626,13 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt,
 goto cleanup;
 }
+ if ((flags & VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME) &&
+ virStringIsEmpty(ret->name)) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("name must contain at least one non blank character"));
+ goto cleanup;
+ }
+
 chain_pri_s = virXPathString("string(./@priority)", ctxt);
 if (chain_pri_s) {
 if (virStrToLong_i(chain_pri_s, NULL, 10, &chain_priority) < 0) {
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 5ffdc07fab..2a7eabbf91 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
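Review bot: The new check in virNWFilterDefParseXML (src/conf/nwfilter_conf.c, second hunk) only refuses a name for which virStringIsEmpty() is true, so a name that merely starts or ends with blanks still parses and can look identical to another filter's name in listings and logs. If that narrow scope is intended, say so next to the check, e.g. `/* Only all-whitespace names are refused; leading or trailing blanks are still accepted. */`. The message would also read better as `_("name must contain at least one non-blank character")`. The function body starts and ends outside the hunk, so whether ret->name is checked for other characters elsewhere cannot be seen from here.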
@@ -559,6 +559,13 @@ int
 virNWFilterDeleteDef(const char *configDir,
 virNWFilterDefPtr def);
+typedef enum {
+ /* Perform extra name validation on new nwfilter names which
+ * will cause failure to parse the XML. Initially just that a
+ * name cannot be all white space. */
+ VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME = 1 << 0,
+} virNWFilterDefParseFlags;
+
 virNWFilterDefPtr
 virNWFilterDefParseNode(xmlDocPtr xml,
 xmlNodePtr root,
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index d850a66b28..3529dfa519 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -546,6 +546,7 @@ nwfilterDefineXML(virConnectPtr conn,
 virNWFilterObjPtr obj = NULL;
 virNWFilterDefPtr objdef;
 virNWFilterPtr nwfilter = NULL;
+ unsigned int parse_flags = VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME;
 if (!driver->privileged) {
 virReportError(VIR_ERR_OPERATION_INVALID, "%s",
@@ -556,7 +557,7 @@ nwfilterDefineXML(virConnectPtr conn,
 nwfilterDriverLock();
 virNWFilterWriteLockFilterUpdates();
- if (!(def = virNWFilterDefParseString(xml, 0)))
+ if (!(def = virNWFilterDefParseString(xml, parse_flags)))
 goto cleanup;
 if (virNWFilterDefineXMLEnsureACL(conn, def) < 0)
diff --git a/tests/nwfilterxml2xmlin/name-whitespace-invalid.xml b/tests/nwfilterxml2xmlin/name-whitespace-invalid.xml
new file mode 100644
index 0000000000..452847ae93
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/name-whitespace-invalid.xml
@@ -0,0 +1,4 @@
+<filter name=' '>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter=' '/>
+</filter>
diff --git a/tests/nwfilterxml2xmltest.c b/tests/nwfilterxml2xmltest.c
index 0c79afa8ee..de63ab1a91 100644
--- a/tests/nwfilterxml2xmltest.c
+++ b/tests/nwfilterxml2xmltest.c
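Review bot: The comment on VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME in src/conf/nwfilter_conf.h is ambiguous, because "which will cause failure to parse the XML" can be read as describing the names rather than the validation. Suggested wording: `/* Reject the XML if the filter name fails validation. Currently the only check is that the name is not all whitespace. */`. It would also help to say which callers are expected to pass the flag, since a parse without it still accepts such names. The virNWFilterDefParseNode prototype below the enum continues outside the hunk.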
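Review bot: In nwfilterDefineXML (src/nwfilter/nwfilter_driver.c) the flag is applied to every request, and the parse at `virNWFilterDefParseString(xml, parse_flags)` runs before the code can know whether a filter of that name already exists. If this entry point is also the path for updating an existing filter, a filter stored with an all-whitespace name before this change could presumably no longer be redefined through it; that may be acceptable, but it deserves a comment such as `/* Also refuses updates to pre-existing filters whose name is all whitespace. */`. The local `parse_flags` from the first hunk is used only once, in the second hunk, so passing the constant directly would be equivalent. The function body extends beyond both hunks.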
@@ -26,11 +26,14 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml,
 char *actual = NULL;
 int ret = -1;
 virNWFilterDefPtr dev = NULL;
+ unsigned int parse_flags = VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME;
 virResetLastError();
- if (!(dev = virNWFilterDefParseFile(inxml, 0))) {
+ if (!(dev = virNWFilterDefParseFile(inxml, parse_flags))) {
 if (expect_error) {
+ VIR_TEST_DEBUG("Got expected parse failure msg='%s'",
+ virGetLastErrorMessage());
 virResetLastError();
 goto done;
 }
@@ -149,6 +152,8 @@ mymain(void)
 DO_TEST("ipset-test", false);
+ DO_TEST("name-whitespace-invalid", true);
+
 return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
 }
--
2.17.1
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
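Review bot: The `expect_error` branch in testCompareXMLToXMLFiles (tests/nwfilterxml2xmltest.c) accepts any parse failure, so the new name-whitespace-invalid case does not prove that the whitespace check is what rejected the file; the added VIR_TEST_DEBUG only logs the message. The fixture also carries `<filterref filter=' '/>`, a second questionable value, so a failure raised by some other check would satisfy the test equally well. Consider dropping the filterref from the fixture so the name is the only invalid input, or comparing virGetLastErrorMessage() with the expected text before virResetLastError(). Since `parse_flags` is now passed for every case, this test no longer exercises a parse without the flag. The function body continues outside the hunk.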