From: Martin Kletzander <[email protected]>

Utilise the new virDomainDefIDsParseString() for that.
Fixes: CVE-2025-12748
Reported-by: Святослав Терешин <[email protected]>
Signed-off-by: Martin Kletzander <[email protected]>
---
 src/lxc/lxc_driver.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 80cf07d2e5ff..0564f3e5332e 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -409,6 +409,15 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
 if (!(caps = virLXCDriverGetCapabilities(driver, false)))
 goto cleanup;
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+ goto cleanup;
+
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+ goto cleanup;
+
+ g_clear_pointer(&def, virObjectUnref);
+
 if (!(def = virDomainDefParseString(xml, driver->xmlopt, NULL, parse_flags)))
 goto cleanup;
@@ -416,9 +425,6 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
 if (virXMLCheckIllegalChars("name", def->name, "\n") < 0)
 goto cleanup;
- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
- goto cleanup;
-
 if (virSecurityManagerVerify(driver->securityManager, def) < 0)
 goto cleanup;
@@ -1066,13 +1072,19 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
 if (!(caps = virLXCDriverGetCapabilities(driver, false)))
 goto cleanup;
- if (!(def = virDomainDefParseString(xml, driver->xmlopt,
- NULL, parse_flags)))
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
 goto cleanup;
 if (virDomainCreateXMLWithFilesEnsureACL(conn, def) < 0)
 goto cleanup;
+ g_clear_pointer(&def, virObjectUnref);
+
+ if (!(def = virDomainDefParseString(xml, driver->xmlopt,
+ NULL, parse_flags)))
+ goto cleanup;
+
 if (virSecurityManagerVerify(driver->securityManager, def) < 0)
 goto cleanup;
--
2.51.2
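Review bot: `g_clear_pointer(&def, virObjectUnref);` in the lxcDomainDefineXMLFlags hunk releases the IDs-only definition with the object-unref helper, but the value comes from a virDomainDef parser, and libvirt frees those with virDomainDefFree(). The declaration of `def` is outside the hunk, so confirm its type. If it is a plain virDomainDef, virObjectUnref() is the wrong destructor and the first definition is not released correctly on each call, which matters in a patch meant to limit the work done before the ACL check. Suggested line: `g_clear_pointer(&def, virDomainDefFree);`. The same line appears in the lxcDomainCreateXMLWithFiles hunk (`@@ -1066,13 +1072,19 @@`) and needs the same change.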
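Review bot: The new comment in the lxcDomainCreateXMLWithFiles hunk (and its twin in lxcDomainDefineXMLFlags) says what is skipped but not why the order matters, so a later cleanup that merges the two parses back into one would quietly reintroduce the issue named in the Fixes: trailer. I would word it as `/* Parse only the identifying fields first so the ACL check runs before the full XML parser handles caller-supplied input (CVE-2025-12748) */`. It is also worth stating next to it that the ACL decision is taken on a definition that is then discarded, and that the second parse re-reads the same `xml` with the same `parse_flags`. Whether generated fields, such as a UUID omitted from the XML, can differ between the two parses depends on virDomainDefIDsParseString(), which is not shown here. The function body starts and ends outside the hunk.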
