git.feebdaed.xyz Git - 0xmirror/libvirt.git/commit

author	Martin Kletzander <mkletzan@redhat.com>
	Thu, 6 Nov 2025 13:33:41 +0000 (14:33 +0100)
committer	Martin Kletzander <mkletzan@redhat.com>
	Wed, 12 Nov 2025 08:50:56 +0000 (09:50 +0100)
commit	2a326c415a7e1cdd49989cc7e46b88d9ca90dd97
tree	9b8f75d67a6e147012698ac4b4ebe13277d68bdf	tree \| snapshot
parent	eb4322dfe8fff544d6dac01b2748c20f78f00d69	commit \| diff

qemu: Check ACLs before parsing the whole domain XML

Utilise the new virDomainDefIDsParseString() for that.

This is one of the more complex ones since there is also a function that
reads relevant metadata from a save image XML. In order _not_ to extract
the parsing out of the function (and make the function basically trivial
and all callers more complex) add a callback to the function which will
be used to check the ACLs.

Fixes: CVE-2025-12748
Reported-by: Святослав Терешин <s.tereshin@fobos-nt.ru>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

src/qemu/qemu_driver.c		diff \| blob \| history
src/qemu/qemu_migration.c		diff \| blob \| history
src/qemu/qemu_migration.h		diff \| blob \| history
src/qemu/qemu_saveimage.c		diff \| blob \| history
src/qemu/qemu_saveimage.h		diff \| blob \| history
src/qemu/qemu_snapshot.c		diff \| blob \| history