From 9ff956b26aba64e1519a338197891ac53f033e7f Mon Sep 17 00:00:00 2001
From: Simon Kobyda <skobyda@redhat.com>
Date: Wed, 1 Aug 2018 17:50:03 +0200
Subject: [PATCH] conf: virDomainDefValidateInternal prohibit some characters
 in shmem name

Validate that the provided XML shmem name is not directory specific to "."  or
".." as well as ensure that there is no path separator '/' in the name.

https://bugzilla.redhat.com/show_bug.cgi?id=1192400

Signed-off-by: Simon Kobyda <skobyda@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
---
 docs/formatdomain.html.in |  4 +++-
 src/conf/domain_conf.c    | 29 ++++++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index b63467bd91..5887939bd0 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8094,7 +8094,9 @@ qemu-kvm -net nic,model=? /dev/null
     <dt><code>shmem</code></dt>
     <dd>
       The <code>shmem</code> element has one mandatory attribute,
-      <code>name</code> to identify the shared memory.
+      <code>name</code> to identify the shared memory. This attribute cannot
+      be directory specific to <code>.</code> or <code>..</code> as well as
+      it cannot involve path separator <code>/</code>.
     </dd>
     <dt><code>model</code></dt>
     <dd>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 7dcbe8a20b..adcd8f41b9 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -5747,6 +5747,31 @@ virDomainInputDefValidate(const virDomainInputDef *input)
 }
 
 
+static int
+virDomainShmemDefValidate(const virDomainShmemDef *shmem)
+{
+    if (strchr(shmem->name, '/')) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("shmem name cannot include '/' character"));
+        return -1;
+    }
+
+    if (STREQ(shmem->name, ".")) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("shmem name cannot be equal to '.'"));
+        return -1;
+    }
+
+    if (STREQ(shmem->name, "..")) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("shmem name cannot be equal to '..'"));
+        return -1;
+    }
+
+    return 0;
+}
+
+
 static int
 virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
                                    const virDomainDef *def)
@@ -5788,6 +5813,9 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
     case VIR_DOMAIN_DEVICE_INPUT:
         return virDomainInputDefValidate(dev->data.input);
 
+    case VIR_DOMAIN_DEVICE_SHMEM:
+        return virDomainShmemDefValidate(dev->data.shmem);
+
     case VIR_DOMAIN_DEVICE_LEASE:
     case VIR_DOMAIN_DEVICE_FS:
     case VIR_DOMAIN_DEVICE_SOUND:
@@ -5796,7 +5824,6 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
     case VIR_DOMAIN_DEVICE_HUB:
     case VIR_DOMAIN_DEVICE_MEMBALLOON:
     case VIR_DOMAIN_DEVICE_NVRAM:
-    case VIR_DOMAIN_DEVICE_SHMEM:
     case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_IOMMU:
-- 
GitLab