File a6dcfee8-CVE-2025-12748-p4.patch of Package libvirt.42084
commit ac9b24c91ff3374b9a8a370713e9fc15fb6462ba
Author: Martin Kletzander <mkletzan@redhat.com>
Date: Thu Nov 6 15:49:01 2025 +0100
lxc: Check ACLs before parsing the whole domain XML
Utilise the new virDomainDefIDsParseString() for that.
Fixes: CVE-2025-12748
References: bsc#1253278
Reported-by: Святослав Терешин <s.tereshin@fobos-nt.ru>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit a6dcfee896f67bb8bdfdbb0b406ac7649fbb4c0f)
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Index: libvirt-7.1.0/src/lxc/lxc_driver.c
===================================================================
--- libvirt-7.1.0.orig/src/lxc/lxc_driver.c
+++ libvirt-7.1.0/src/lxc/lxc_driver.c
@@ -416,6 +416,15 @@ lxcDomainDefineXMLFlags(virConnectPtr co
if (!(caps = virLXCDriverGetCapabilities(driver, false)))
goto cleanup;
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+ goto cleanup;
+
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+ goto cleanup;
+
+ g_clear_pointer(&def, virDomainDefFree);
+
if (!(def = virDomainDefParseString(xml, driver->xmlopt,
NULL, parse_flags)))
goto cleanup;
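Review bot: The relocated `virDomainDefineXMLFlagsEnsureACL()` call now runs before `virXMLCheckIllegalChars("name", def->name, "\n")`, so the access-control driver receives a domain name not yet screened for embedded newlines. The name check stays after the full parse (it is context in the next hunk), whereas before this change it preceded the ACL check. Unless `virDomainDefIDsParseString()` already rejects such names (its body is not on this page), consider running the same check on the IDs-only definition ahead of the ACL call: `if (virXMLCheckIllegalChars("name", def->name, "\n") < 0) goto cleanup;`. The body of lxcDomainDefineXMLFlags starts and ends outside the hunk.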
@@ -423,9 +432,6 @@ lxcDomainDefineXMLFlags(virConnectPtr co
if (virXMLCheckIllegalChars("name", def->name, "\n") < 0)
goto cleanup;
- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
- goto cleanup;
-
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
@@ -1101,13 +1107,19 @@ lxcDomainCreateXMLWithFiles(virConnectPt
if (!(caps = virLXCDriverGetCapabilities(driver, false)))
goto cleanup;
- if (!(def = virDomainDefParseString(xml, driver->xmlopt,
- NULL, parse_flags)))
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
goto cleanup;
if (virDomainCreateXMLWithFilesEnsureACL(conn, def) < 0)
goto cleanup;
+ g_clear_pointer(&def, virDomainDefFree);
+
+ if (!(def = virDomainDefParseString(xml, driver->xmlopt,
+ NULL, parse_flags)))
+ goto cleanup;
+
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
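Review bot: The comment `/* Avoid parsing the whole domain definition for ACL checks */` states what is done but not the ordering rule a later maintainer must preserve. It also omits that the authorised definition is freed and a second, independent parse of `xml` produces the one actually used. I would expand it to something like `/* Parse only the identifying fields for the ACL check: no full-parser code may run for a caller who is not yet authorised. The definition is re-parsed in full from the same string below. */`. The same applies to the identical comment in the lxcDomainDefineXMLFlags hunk above. If the IDs-only parser generates a UUID when the XML omits one (not visible here), the UUID presented to the ACL check would differ from the one in the final definition, which is worth confirming.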