v2v: -o libvirt: Prevent possible XPath injection.
Ensure the arch string is sane before using it in the following XPath
expression.  Since the arch string can be derived from untrusted guest
data [see src/filearch.c], this prevents a possible XPath injection
vulnerability.
rwmjones committed Feb 14, 2015
1 parent c3566da commit 6c6ce85
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions v2v/output_libvirt.ml
@@ -30,9 +30,15 @@ module StringSet = Set.Make (String)
let string_set_of_list =
List.fold_left (fun set x -> StringSet.add x set) StringSet.empty

let arch_sanity_re = Str.regexp "^[-_A-Za-z0-9]+$"

let target_features_of_capabilities_doc doc arch =
let xpathctx = Xml.xpath_new_context doc in
let expr =
(* Check the arch is sane. It comes from untrusted input. This
* avoids XPath injection below.
*)
assert (Str.string_match arch_sanity_re arch 0);
(* NB: Pay attention to the square brackets. This returns the
* <guest> nodes!
*)
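Review bot: The check on the `assert` line is not anchored to the end of the string: in OCaml's `Str`, `$` also matches just before a newline and `Str.string_match` only tests a prefix, so an `arch` whose first line is sane but which carries further text after a `\n` still passes and reaches the XPath expression. In addition, `assert` is compiled out under `-noassert`, so validation of untrusted guest data should not depend on it. I would write `if not (Str.string_match arch_sanity_re arch 0 && Str.match_end () = String.length arch) then failwith "invalid architecture string";` (or the project's own error helper, if one is in scope). The body of `target_features_of_capabilities_doc` continues past the end of the hunk, so the expression that consumes `arch` is not visible here.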