qemu: Forbid slashes in shmem name

With that users could access files outside /dev/shm.  That itself
isn't a security problem, but might cause some errors we want to
avoid.  So let's forbid slashes as we do with domain and volume names
and also mention that in the schema.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1395496

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index c5f101325e0b01a9f7dc3233c894686a716bda59..c64544ac473d9c3bd4d04744c8195b06839e58ec 100644 (file)
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3633,7 +3633,11 @@
 
   <define name="shmem">
     <element name="shmem">
-      <attribute name="name"/>
+      <attribute name="name">
+        <data type="string">
+          <param name="pattern">[^/]*</param>
+        </data>
+      </attribute>
       <interleave>
         <optional>
           <element name="model">

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 522f49d8b7f83de79ff04c729ecaa52260680a76..8508a6dee99e367933ff60517e2fb090b29b4b00 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4589,6 +4589,25 @@ qemuProcessStartValidateIOThreads(virDomainObjPtr vm,
 }
 
 
+qemuProcessStartValidateShmem(virDomainObjPtr vm)
+{
+    size_t i;
+
+    for (i = 0; i < vm->def->nshmems; i++) {
+        virDomainShmemDefPtr shmem = vm->def->shmems[i];
+
+        if (strchr(shmem->name, '/')) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("shmem name '%s' must not contain '/'"),
+                           shmem->name);
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+
 static int
 qemuProcessStartValidateXML(virQEMUDriverPtr driver,
                             virDomainObjPtr vm,
@@ -4668,6 +4687,9 @@ qemuProcessStartValidate(virQEMUDriverPtr driver,
     if (qemuProcessStartValidateIOThreads(vm, qemuCaps) < 0)
         return -1;
 
+    if (qemuProcessStartValidateShmem(vm) < 0)
+        return -1;
+
     VIR_DEBUG("Checking for any possible (non-fatal) issues");
 
     qemuProcessStartWarnShmem(vm);