On a Tuesday in 2023, Michal Privoznik wrote:
When working with VirtualBox's snapshots, the snapshot XML is firstly parsed, stored in memory (with some parts being stored as verbatim XML snippets, strings), requested changes are made and then this modified XML is formatted via virVBoxSnapshotConfSaveVboxFile() which calls xmlParseInNodeContext() to format those previously stored XML snippets. The first parse of whole VirtualBox snapshot file is done using virXMLParse() (in virVBoxSnapshotConfLoadVboxFile()) and thus with XML_PARSE_NONET specified. But those ad-hoc parsings when formatting the XML back pass zero flags mask: xmlParseInNodeContext(..., options = 0, ...); This is potentially dangerous. Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> --- src/vbox/vbox_snapshot_conf.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx> Jano
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Devel mailing list -- devel@xxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
