File e6de1e43-CVE-2025-12748-p2.patch of Package libvirt.42084
commit 331c61489a013e85df09aaa0f8f5884a7a671184
Author: Martin Kletzander <mkletzan@redhat.com>
Date: Thu Nov 6 14:33:31 2025 +0100
conf: Add virDomainDefIDsParseString
This function only performs parsing, using the underlying
virDomainDefParseIDs() function, to get the metadata needed for any ACL
checks. It does nothing else, which avoids extraneous allocations and any
parser-induced DoS over ACL-forbidden connections.
References: bsc#1253278, CVE-2025-12748
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit e6de1e43ab6e907225b8f9bcea3772231908717e)
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Index: libvirt-7.1.0/src/conf/domain_conf.c
===================================================================
--- libvirt-7.1.0.orig/src/conf/domain_conf.c
+++ libvirt-7.1.0/src/conf/domain_conf.c
@@ -21418,6 +21418,34 @@ virDomainDefParse(const char *xmlStr,
}
virDomainDefPtr
+virDomainDefIDsParseString(const char *xmlStr,
+ virDomainXMLOptionPtr xmlopt G_GNUC_UNUSED,
+ unsigned int flags)
+{
+ g_autoptr(virDomainDef) def = NULL;
+ g_autoptr(xmlDoc) xml = NULL;
+ g_autoptr(xmlXPathContext) ctxt = NULL;
+ bool uuid_generated = false;
+
+ xml = virXMLParseWithIndent(NULL, xmlStr, _("(domain_definition)"), &ctxt);
+
+ if (!xml)
+ return NULL;
+
+ def = virDomainDefNew();
+ if (!def)
+ return NULL;
+
+ if (virDomainDefParseIDs(def, ctxt, flags, &uuid_generated) < 0)
+ return NULL;
+
+ if (uuid_generated)
+ memset(def->uuid, 0, VIR_UUID_BUFLEN);
+
+ return g_steal_pointer(&def);
+}
+
+virDomainDefPtr
virDomainDefParseString(const char *xmlStr,
virDomainXMLOptionPtr xmlopt,
void *parseOpaque,
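Review bot: The new virDomainDefIDsParseString() has no contract comment, and its result is easy to misuse: the returned virDomainDef is filled only by virDomainDefParseIDs(), `xmlopt` is ignored (it is marked G_GNUC_UNUSED), and `def->uuid` is zeroed whenever `uuid_generated` is set. I would add a doc comment above the function saying that the result is meant only for ACL checks, that it must not be handed to code expecting a fully parsed definition, and that an all-zero UUID presumably means the XML carried none. Separately, nothing visible in this hunk checks that the document root is a `<domain>` element. It is worth confirming that virXMLParseWithIndent() or virDomainDefParseIDs() covers that, so the ACL check is not run on identifiers taken from an unrelated document. The function body is complete within the hunk.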
Index: libvirt-7.1.0/src/conf/domain_conf.h
===================================================================
--- libvirt-7.1.0.orig/src/conf/domain_conf.h
+++ libvirt-7.1.0/src/conf/domain_conf.h
@@ -3285,6 +3285,9 @@ virDomainDeviceDefPtr virDomainDeviceDef
virDomainDiskDefPtr virDomainDiskDefParse(const char *xmlStr,
virDomainXMLOptionPtr xmlopt,
unsigned int flags);
+virDomainDefPtr virDomainDefIDsParseString(const char *xmlStr,
+ virDomainXMLOptionPtr xmlopt,
+ unsigned int flags);
virDomainDefPtr virDomainDefParseString(const char *xmlStr,
virDomainXMLOptionPtr xmlopt,
void *parseOpaque,
Index: libvirt-7.1.0/src/libvirt_private.syms
===================================================================
--- libvirt-7.1.0.orig/src/libvirt_private.syms
+++ libvirt-7.1.0/src/libvirt_private.syms
@@ -328,6 +328,7 @@ virDomainDefHasOldStyleUEFI;
virDomainDefHasUSB;
virDomainDefHasVcpusOffline;
virDomainDefHasVFIOHostdev;
+virDomainDefIDsParseString;
virDomainDefLifecycleActionAllowed;
virDomainDefMaybeAddController;
virDomainDefMaybeAddInput;