Bug 1270427 - libvirt should escape possible invalid characters.
libvirt should escape possible invalid characters.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt (Show other bugs)
7.2
x86_64 Linux
unspecified Severity medium
: rc
: ---
Assigned To: Martin Kletzander
Virtualization Bugs
: Upstream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-09 23:01 EDT by Fangge Jin
Modified: 2016-11-03 14:25 EDT (History)
5 users (show)

See Also:
Fixed In Version: libvirt-1.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 14:25:48 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Fangge Jin 2015-10-09 23:01:25 EDT
Description of problem:
libvirt should escape possible invalid characters.

Version-Release number of selected component (if applicable):
libvirt-1.2.17-13.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Define a vm with the attributes as below:
...
    <graphics type='vnc' port='-1' autoport='yes' socket='&lt;&gt;'>
    </graphics>
...

2.Dump the xml:
# virsh dumpxml test
...
    <graphics type='vnc' socket='<>'/>
...

3.Try to edit the xml:
# virsh edit test
error: (domain_definition):125: Unescaped '<' not allowed in attributes values
    <graphics type='vnc' socket='<>'/>
---------------------------------^
Failed. Try again? [y,n,i,f,?]: 

4.The problem also exits with /domain/devices/disk/driver[@name]:
...
    <disk type='file' device='disk'>
      <driver name='&lt;&gt;' type='raw'/>
...

Actual results:
As step3&4, libvirt doesn't escape characters in the two places.

Expected results:
Libvirt can escape characters when defining a guest, so after defining, the guest xml should be like:
# virsh dumpxml test
...
    <disk type='file' device='disk'>
      <driver name='&lt;&gt;' type='raw'/>
...
    <graphics type='vnc' socket='&lt;&gt;'/>
...


Additional info:
Comment 1 Jaroslav Suchanek 2015-11-26 09:45:40 EST
I would say, don't use HTML entities in name attributes, but ok, lets see...
Comment 2 Martin Kletzander 2015-11-26 10:23:11 EST
Did you use any fuzzy testing or did you try all possible attributes?  Just to know if that problem is somewhere else as well.
Comment 3 Fangge Jin 2015-11-26 21:33:27 EST
(In reply to Martin Kletzander from comment #2)
> Did you use any fuzzy testing or did you try all possible attributes?  Just
> to know if that problem is somewhere else as well.

I just did some random testing, I'm not sure if somewhere else has the same problem.

FYI: Some other attributes with the problem have been fixed in the bug: Bug 1197580 - libvirt should escape possible invalid characters.
Comment 4 Martin Kletzander 2015-11-27 08:10:07 EST
Fixed upstream by v1.2.19-11-ge92e5ba12825 and v1.2.19-111-g363995b02982:

commit 363995b02982771ad0e7a586520a232d1c383b91
Author: Luyao Huang <lhuang@redhat.com>
Date:   Tue Sep 22 16:13:53 2015 +0800

    conf: escape string for disk driver name attribute

commit e92e5ba12825b32ccc929a527077fb7019c87d1b
Author: Pavel Hrdina <phrdina@redhat.com>
Date:   Mon Aug 31 15:33:49 2015 +0200

    domain-conf: escape string for socket attribute
Comment 6 Fangge Jin 2016-03-02 21:39:51 EST
Tested with build libvirt-1.3.2-1.el7.x86_64, it seems that it still doesn't work, guest xml validates failed.

Steps:
1. Prepare a guest xml including special characters:
# cat test.xml
...
    <disk type='file' device='disk'>
      <driver name='&lt;&gt;' type='qcow2' cache='none'/>
...

2. Try to define the guest with --validate
# virsh define test.xml --validate
error: Failed to define domain from test.xml
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content

3. Try to define the guest without --validate
# virsh define test.xml
Domain fedora23 defined from test.xml

Check dumpxml:
# virsh dumpxml fedora23
...
    <disk type='file' device='disk'>
      <driver name='&lt;&gt;' type='qcow2' cache='none'/>
...

Try to edit guest xml:
# virsh edit fedora23
(change vcpu number from 4 to 1)
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content
Comment 7 Martin Kletzander 2016-03-03 05:54:47 EST
That's another type of problem, though.  Separate BZ should be filed for that.  The validation tells you that the XML will not probably work, so I think it's a good sign.
Comment 8 Fangge Jin 2016-04-11 01:09:03 EDT
Test pass with build libvirt-1.3.3-1.el7.x86_64

Steps:
1.# cat /tmp/windows.xml
    <disk type='file' device='disk'>
      <driver name='&lt;&gt;' type='qcow2'/>
...
    <graphics type='vnc' socket='&lt;&gt;'/>

2. # virsh define /tmp/windows.xml
3. # virsh dumpxml windows
    <disk type='file' device='disk'>
      <driver name='&lt;&gt;' type='qcow2'/>
...
    <graphics type='vnc' socket='&lt;&gt;'/>
4. # virsh define /tmp/windows.xml --validate
error: Failed to define domain from /tmp/windows.xml
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content

The validation fails because the value "&lt;&gt;" for driver name or socket path is invalid, it's reasonable.
Comment 10 errata-xmlrpc 2016-11-03 14:25:48 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html

Note You need to log in before you can comment on or make changes to this bug.