File 69958ba3-CVE-2025-12748-p1.patch of Package libvirt.42084
commit 2e3e9a6d65f1e78317296ea9e29e021a9badff00
Author: Michal Prívozník <mprivozn@redhat.com>
Date: Tue Nov 21 10:39:58 2023 +0100
virxml: Introduce parsing APIs that keep indentation
When parsing an XML it may be important to keep indentation to
produce a better looking result when formatting the XML back.
Just look at all those xmlKeepBlanksDefault() calls just before
virXMLParse() is called.
Anyway, as of libxml2 commit v2.12.0~108 xmlKeepBlanksDefault()
is deprecated. Therefore, introduce virXMLParse...WithIndent()
variants which would do exactly what xmlKeepBlanksDefault() did but
with non-deprecated APIs.
References: bsc#1253278, CVE-2025-12748
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 69958ba3102810bb4f90a91d2f6d9032e1a1da2d)
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Index: libvirt-7.1.0/src/util/virxml.c
===================================================================
--- libvirt-7.1.0.orig/src/util/virxml.c
+++ libvirt-7.1.0/src/util/virxml.c
@@ -783,11 +783,13 @@ virXMLParseHelper(int domcode,
const char *filename,
const char *xmlStr,
const char *url,
- xmlXPathContextPtr *ctxt)
+ xmlXPathContextPtr *ctxt,
+ bool keepindent)
{
struct virParserData private;
xmlParserCtxtPtr pctxt;
xmlDocPtr xml = NULL;
+ int parseFlags = XML_PARSE_NONET | XML_PARSE_NOWARNING;
/* Set up a parser context so we can catch the details of XML errors. */
pctxt = xmlNewParserCtxt();
@@ -800,14 +802,14 @@ virXMLParseHelper(int domcode,
pctxt->_private = &private;
pctxt->sax->error = catchXMLError;
+ if (keepindent) {
+ parseFlags |= XML_PARSE_NOBLANKS;
+ }
+
if (filename) {
- xml = xmlCtxtReadFile(pctxt, filename, NULL,
- XML_PARSE_NONET |
- XML_PARSE_NOWARNING);
+ xml = xmlCtxtReadFile(pctxt, filename, NULL, parseFlags);
} else {
- xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
- XML_PARSE_NONET |
- XML_PARSE_NOWARNING);
+ xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL, parseFlags);
}
if (!xml)
goto error;
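Review bot: The `keepindent` branch sets `XML_PARSE_NOBLANKS`, which tells libxml2 to drop blank text nodes, so the parameter name reads as the opposite of what the flag does. Judging by the commit message this presumably mirrors the earlier `xmlKeepBlanksDefault()` calls, where stripping whitespace-only nodes lets the formatter re-indent the document on output, but nothing at the branch says so. I would add a comment above the `if`, for example `/* NOBLANKS drops whitespace-only nodes so the doc can be re-indented when formatted back */`. The same wording problem appears in the `virXMLParseWithIndent` doc comment in virxml.h, which promises "keeping verbatim spacing". The body of virXMLParseHelper continues outside this hunk.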
Index: libvirt-7.1.0/src/util/virxml.h
===================================================================
--- libvirt-7.1.0.orig/src/util/virxml.h
+++ libvirt-7.1.0/src/util/virxml.h
@@ -83,7 +83,8 @@ xmlDocPtr virXMLParseHelper(int dom
const char *filename,
const char *xmlStr,
const char *url,
- xmlXPathContextPtr *pctxt);
+ xmlXPathContextPtr *pctxt,
+ bool keepindent);
const char *virXMLPickShellSafeComment(const char *str1, const char *str2);
/**
@@ -97,7 +98,17 @@ const char *virXMLPickShellSafeComment(c
* Return the parsed document object, or NULL on failure.
*/
#define virXMLParse(filename, xmlStr, url) \
- virXMLParseHelper(VIR_FROM_THIS, filename, xmlStr, url, NULL)
+ virXMLParseHelper(VIR_FROM_THIS, filename, xmlStr, url, NULL, false)
+
+/**
+ * virXMLParseWithIndent:
+ *
+ * Just like virXMLParse, except indentation is preserved. Should be used when
+ * facing an user provided XML which may be formatted back and keeping verbatim
+ * spacing is necessary (e.g. due to <metadata/>).
+ */
+#define virXMLParseWithIndent(filename, xmlStr, url, pctxt) \
+ virXMLParseHelper(VIR_FROM_THIS, filename, xmlStr, url, pctxt, true)
/**
* virXMLParseString:
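Review bot: The doc comment for `virXMLParseWithIndent` says "Just like virXMLParse", but the macro takes a fourth `pctxt` argument and forwards it, so its signature matches `virXMLParseCtxt` rather than `virXMLParse`. The comment also has no parameter entries and no return line, while the sibling macros visible in this header end with one. I would open with `Just like virXMLParseCtxt, except ...`, add `@filename`, `@xmlStr`, `@url` and `@pctxt` entries, and close with `Return the parsed document object, or NULL on failure.` Because the comment recommends this variant for user-provided XML, the NULL-on-failure contract is worth spelling out where callers will read it.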
@@ -109,7 +120,7 @@ const char *virXMLPickShellSafeComment(c
* Return the parsed document object, or NULL on failure.
*/
#define virXMLParseString(xmlStr, url) \
- virXMLParseHelper(VIR_FROM_THIS, NULL, xmlStr, url, NULL)
+ virXMLParseHelper(VIR_FROM_THIS, NULL, xmlStr, url, NULL, false)
/**
* virXMLParseFile:
@@ -120,7 +131,7 @@ const char *virXMLPickShellSafeComment(c
* Return the parsed document object, or NULL on failure.
*/
#define virXMLParseFile(filename) \
- virXMLParseHelper(VIR_FROM_THIS, filename, NULL, NULL, NULL)
+ virXMLParseHelper(VIR_FROM_THIS, filename, NULL, NULL, NULL, false)
/**
* virXMLParseCtxt:
@@ -135,7 +146,7 @@ const char *virXMLPickShellSafeComment(c
* Return the parsed document object, or NULL on failure.
*/
#define virXMLParseCtxt(filename, xmlStr, url, pctxt) \
- virXMLParseHelper(VIR_FROM_THIS, filename, xmlStr, url, pctxt)
+ virXMLParseHelper(VIR_FROM_THIS, filename, xmlStr, url, pctxt, false)
/**
* virXMLParseStringCtxt:
@@ -149,7 +160,7 @@ const char *virXMLPickShellSafeComment(c
* Return the parsed document object, or NULL on failure.
*/
#define virXMLParseStringCtxt(xmlStr, url, pctxt) \
- virXMLParseHelper(VIR_FROM_THIS, NULL, xmlStr, url, pctxt)
+ virXMLParseHelper(VIR_FROM_THIS, NULL, xmlStr, url, pctxt, false)
/**
* virXMLParseFileCtxt:
@@ -162,7 +173,7 @@ const char *virXMLPickShellSafeComment(c
* Return the parsed document object, or NULL on failure.
*/
#define virXMLParseFileCtxt(filename, pctxt) \
- virXMLParseHelper(VIR_FROM_THIS, filename, NULL, NULL, pctxt)
+ virXMLParseHelper(VIR_FROM_THIS, filename, NULL, NULL, pctxt, false)
int virXMLSaveFile(const char *path,
const char *warnName,