Overview

File e6de1e43-CVE-2025-12748-p2.patch of Package libvirt.42083

commit 331c61489a013e85df09aaa0f8f5884a7a671184
Author: Martin Kletzander <mkletzan@redhat.com>
Date:   Thu Nov 6 14:33:31 2025 +0100

    conf: Add virDomainDefIDsParseString
    
    This function performs only parsing with the underlying
    virDomainDefParseIDs() function to get needed metadata for any ACL
    checks, but nothing else to avoid extraneous allocations and any
    parser-induced DoS over ACL-forbidden connections.
    
    References: bsc#1253278, CVE-2025-12748
    
    Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
    Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
    (cherry picked from commit e6de1e43ab6e907225b8f9bcea3772231908717e)
    Signed-off-by: Jim Fehlig <jfehlig@suse.com>

Index: libvirt-8.0.0/src/conf/domain_conf.c
===================================================================
--- libvirt-8.0.0.orig/src/conf/domain_conf.c
+++ libvirt-8.0.0/src/conf/domain_conf.c
@@ -20587,6 +20587,35 @@ virDomainDefParse(const char *xmlStr,
 }
 
 virDomainDef *
+virDomainDefIDsParseString(const char *xmlStr,
+                           virDomainXMLOption *xmlopt,
+                           unsigned int flags)
+{
+    g_autoptr(virDomainDef) def = NULL;
+    g_autoptr(xmlDoc) xml = NULL;
+    g_autoptr(xmlXPathContext) ctxt = NULL;
+    bool uuid_generated = false;
+
+    xml = virXMLParseWithIndent(NULL, xmlStr, _("(domain_definition)"),
+                                "domain", &ctxt, "domain.rng", false);
+
+    if (!xml)
+        return NULL;
+
+    def = virDomainDefNew(xmlopt);
+    if (!def)
+        return NULL;
+
+    if (virDomainDefParseIDs(def, ctxt, flags, &uuid_generated) < 0)
+        return NULL;
+
+    if (uuid_generated)
+        memset(def->uuid, 0, VIR_UUID_BUFLEN);
+
+    return g_steal_pointer(&def);
+}
+
+virDomainDef *
 virDomainDefParseString(const char *xmlStr,
                         virDomainXMLOption *xmlopt,
                         void *parseOpaque,
Index: libvirt-8.0.0/src/conf/domain_conf.h
===================================================================
--- libvirt-8.0.0.orig/src/conf/domain_conf.h
+++ libvirt-8.0.0/src/conf/domain_conf.h
@@ -3517,6 +3517,9 @@ virDomainDiskDef *virDomainDiskDefParse(
 virStorageSource *virDomainDiskDefParseSource(const char *xmlStr,
                                               virDomainXMLOption *xmlopt,
                                               unsigned int flags);
+virDomainDef * virDomainDefIDsParseString(const char *xmlStr,
+                                          virDomainXMLOption *xmlopt,
+                                          unsigned int flags);
 virDomainDef *virDomainDefParseString(const char *xmlStr,
                                       virDomainXMLOption *xmlopt,
                                       void *parseOpaque,
Index: libvirt-8.0.0/src/libvirt_private.syms
===================================================================
--- libvirt-8.0.0.orig/src/libvirt_private.syms
+++ libvirt-8.0.0/src/libvirt_private.syms
@@ -339,6 +339,7 @@ virDomainDefHasUSB;
 virDomainDefHasVcpusOffline;
 virDomainDefHasVDPANet;
 virDomainDefHasVFIOHostdev;
+virDomainDefIDsParseString;
 virDomainDefLifecycleActionAllowed;
 virDomainDefMaybeAddController;
 virDomainDefMaybeAddInput;
openSUSE Build Service is sponsored by
Places