render / rpms / libvirt

Forked from rpms/libvirt 10 months ago
Clone
Source Code
GIT

Blame SOURCES/libvirt-virStorageSourceParseBackingJSON-Prevent-arbitrary-nesting-with-format-drivers.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale libvirt-hyperscale-10.4.0 upgrade-hyperscale-libvirt
  1.   8c03ec6cc944cf4270ebd4895bf06266e170e1fd
  2.   SOURCES
  3.   libvirt-virStorageSourceParseBackingJSON-Prevent-arbitrary-nesting-with-format-drivers.patch
Blob History Raw
fbe740 
From 57eb21eb48d76798f0c990c839df148301e9cb0e Mon Sep 17 00:00:00 2001
fbe740 
Message-Id: <57eb21eb48d76798f0c990c839df148301e9cb0e@dist-git>
fbe740 
From: Peter Krempa <pkrempa@redhat.com>
fbe740 
Date: Wed, 19 Feb 2020 15:10:10 +0100
fbe740 
Subject: [PATCH] virStorageSourceParseBackingJSON: Prevent arbitrary nesting
fbe740 
 with format drivers
fbe740 
MIME-Version: 1.0
fbe740 
Content-Type: text/plain; charset=UTF-8
fbe740 
Content-Transfer-Encoding: 8bit
fbe740
fbe740 
Since we parse attributes for 'raw' which is a format driver and thus
fbe740 
has nested 'file' structure we must prevent that this isn't nested
fbe740 
arbitrarily.
fbe740
fbe740 
Add a flag for the function which allows parsing of 'format' type
fbe740 
drivers only on the first pass.
fbe740
fbe740 
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
fbe740 
Reviewed-by: Ján Tomko <jtomko@redhat.com>
fbe740 
(cherry picked from commit fd70f1b4d324361bb9a708762631690aca043178)
fbe740
fbe740 
https://bugzilla.redhat.com/show_bug.cgi?id=1791788
fbe740 
Message-Id: <b5ed395d736eb8570467e2eafb44288d77d416e7.1582120424.git.pkrempa@redhat.com>
fbe740 
Reviewed-by: Ján Tomko <jtomko@redhat.com>
fbe740 
---
fbe740 
 src/util/virstoragefile.c | 23 +++++++++++++++++------
fbe740 
 1 file changed, 17 insertions(+), 6 deletions(-)
fbe740
fbe740 
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
fbe740 
index dd05de188f..b02fad92b6 100644
fbe740 
--- a/src/util/virstoragefile.c
fbe740 
+++ b/src/util/virstoragefile.c
fbe740 
@@ -3052,7 +3052,8 @@ virStorageSourceParseBackingColon(virStorageSourcePtr src,
fbe740 
 static int
fbe740 
 virStorageSourceParseBackingJSONInternal(virStorageSourcePtr src,
fbe740 
                                          virJSONValuePtr json,
fbe740 
-                                         const char *jsonstr);
fbe740 
+                                         const char *jsonstr,
fbe740 
+                                         bool allowformat);
fbe740
fbe740
fbe740 
 static int
fbe740 
@@ -3531,7 +3532,7 @@ virStorageSourceParseBackingJSONRaw(virStorageSourcePtr src,
fbe740 
         return -1;
fbe740 
     }
fbe740
fbe740 
-    return virStorageSourceParseBackingJSONInternal(src, file, jsonstr);
fbe740 
+    return virStorageSourceParseBackingJSONInternal(src, file, jsonstr, false);
fbe740 
 }
fbe740
fbe740
fbe740 
@@ -3606,7 +3607,8 @@ static const struct virStorageSourceJSONDriverParser jsonParsers[] = {
fbe740 
 static int
fbe740 
 virStorageSourceParseBackingJSONInternal(virStorageSourcePtr src,
fbe740 
                                          virJSONValuePtr json,
fbe740 
-                                         const char *jsonstr)
fbe740 
+                                         const char *jsonstr,
fbe740 
+                                         bool allowformat)
fbe740 
 {
fbe740 
     const char *drvname;
fbe740 
     size_t i;
fbe740 
@@ -3619,8 +3621,17 @@ virStorageSourceParseBackingJSONInternal(virStorageSourcePtr src,
fbe740 
     }
fbe740
fbe740 
     for (i = 0; i < G_N_ELEMENTS(jsonParsers); i++) {
fbe740 
-        if (STREQ(drvname, jsonParsers[i].drvname))
fbe740 
-            return jsonParsers[i].func(src, json, jsonstr, jsonParsers[i].opaque);
fbe740 
+        if (STRNEQ(drvname, jsonParsers[i].drvname))
fbe740 
+            continue;
fbe740 
+
fbe740 
+        if (jsonParsers[i].formatdriver && !allowformat) {
fbe740 
+            virReportError(VIR_ERR_INVALID_ARG,
fbe740 
+                           _("JSON backing volume definition '%s' must not have nested format drivers"),
fbe740 
+                           jsonstr);
fbe740 
+            return -1;
fbe740 
+        }
fbe740 
+
fbe740 
+        return jsonParsers[i].func(src, json, jsonstr, jsonParsers[i].opaque);
fbe740 
     }
fbe740
fbe740 
     virReportError(VIR_ERR_INTERNAL_ERROR,
fbe740 
@@ -3655,7 +3666,7 @@ virStorageSourceParseBackingJSON(virStorageSourcePtr src,
fbe740 
     if (!file)
fbe740 
         file = deflattened;
fbe740
fbe740 
-    return virStorageSourceParseBackingJSONInternal(src, file, json);
fbe740 
+    return virStorageSourceParseBackingJSONInternal(src, file, json, true);
fbe740 
 }
fbe740
fbe740
fbe740 
--
fbe740 
2.25.0
fbe740

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation