1:46 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1107420
Add a new define/create flag VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME
to disallow new nwfilters to be defined/created using a name
comprised entirely of spaces.
Alter the nwfilterxml2xmltest to add a test in order to prove the
failure occurs.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/conf/nwfilter_conf.c | 9 ++++++++-
src/conf/nwfilter_conf.h | 7 +++++++
src/nwfilter/nwfilter_driver.c | 3 ++-
tests/nwfilterxml2xmlin/name-whitespace-invalid.xml | 4 ++++
tests/nwfilterxml2xmltest.c | 7 ++++++-
5 files changed, 27 insertions(+), 3 deletions(-)
create mode 100644 tests/nwfilterxml2xmlin/name-whitespace-invalid.xml
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index c1867fb946..4f99f88dca 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2614,7 +2614,7 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt,
int chain_priority;
const char *name_prefix;
- virCheckFlags(0, NULL);
+ virCheckFlags(VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME, NULL);
if (VIR_ALLOC(ret) < 0)
return NULL;
@@ -2626,6 +2626,13 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt,
goto cleanup;
}
+ if ((flags & VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME) &&
+ virStringIsEmpty(ret->name)) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("name must contain at least one non blank
character"));
+ goto cleanup;
+ }
+
chain_pri_s = virXPathString("string(./@priority)", ctxt);
if (chain_pri_s) {
if (virStrToLong_i(chain_pri_s, NULL, 10, &chain_priority) < 0) {
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 5ffdc07fab..2a7eabbf91 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -559,6 +559,13 @@ int
virNWFilterDeleteDef(const char *configDir,
virNWFilterDefPtr def);
+typedef enum {
+ /* Perform extra name validation on new nwfilter names which
+ * will cause failure to parse the XML. Initially just that a
+ * name cannot be all white space. */
+ VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME = 1 << 0,
+} virNWFilterDefParseFlags;
+
virNWFilterDefPtr
virNWFilterDefParseNode(xmlDocPtr xml,
xmlNodePtr root,
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index d850a66b28..3529dfa519 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -546,6 +546,7 @@ nwfilterDefineXML(virConnectPtr conn,
virNWFilterObjPtr obj = NULL;
virNWFilterDefPtr objdef;
virNWFilterPtr nwfilter = NULL;
+ unsigned int parse_flags = VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME;
if (!driver->privileged) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
@@ -556,7 +557,7 @@ nwfilterDefineXML(virConnectPtr conn,
nwfilterDriverLock();
virNWFilterWriteLockFilterUpdates();
- if (!(def = virNWFilterDefParseString(xml, 0)))
+ if (!(def = virNWFilterDefParseString(xml, parse_flags)))
goto cleanup;
if (virNWFilterDefineXMLEnsureACL(conn, def) < 0)
diff --git a/tests/nwfilterxml2xmlin/name-whitespace-invalid.xml
b/tests/nwfilterxml2xmlin/name-whitespace-invalid.xml
new file mode 100644
index 0000000000..452847ae93
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/name-whitespace-invalid.xml
@@ -0,0 +1,4 @@
+<filter name=' '>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter=' '/>
+</filter>
diff --git a/tests/nwfilterxml2xmltest.c b/tests/nwfilterxml2xmltest.c
index 0c79afa8ee..de63ab1a91 100644
--- a/tests/nwfilterxml2xmltest.c
+++ b/tests/nwfilterxml2xmltest.c
@@ -26,11 +26,14 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml,
char *actual = NULL;
int ret = -1;
virNWFilterDefPtr dev = NULL;
+ unsigned int parse_flags = VIR_NWFILTER_DEF_PARSE_VALIDATE_NAME;
virResetLastError();
- if (!(dev = virNWFilterDefParseFile(inxml, 0))) {
+ if (!(dev = virNWFilterDefParseFile(inxml, parse_flags))) {
if (expect_error) {
+ VIR_TEST_DEBUG("Got expected parse failure msg='%s'",
+ virGetLastErrorMessage());
virResetLastError();
goto done;
}
@@ -149,6 +152,8 @@ mymain(void)
DO_TEST("ipset-test", false);
+ DO_TEST("name-whitespace-invalid", true);
+
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
--
2.17.1