From nobody Fri May 16 01:17:32 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 150366013200891.7911254196298;
 Fri, 25 Aug 2017 04:22:12 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 3792381E0B;
	Fri, 25 Aug 2017 11:22:10 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 179047EE6D;
	Fri, 25 Aug 2017 11:22:10 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id C51B6180610A;
	Fri, 25 Aug 2017 11:21:53 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v7PBLJ3P027457 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 25 Aug 2017 07:21:19 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id E19C560610; Fri, 25 Aug 2017 11:21:19 +0000 (UTC)
Received: from caroline.localdomain (unknown [10.43.2.67])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 907285C696
	for <libvir-list@redhat.com>; Fri, 25 Aug 2017 11:21:17 +0000 (UTC)
Received: from caroline.brq.redhat.com (caroline.brq.redhat.com [127.0.0.1])
	by caroline.localdomain (Postfix) with ESMTP id 70B5A1206EC
	for <libvir-list@redhat.com>; Fri, 25 Aug 2017 13:21:16 +0200 (CEST)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3792381E0B
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com;
 spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com
From: Martin Kletzander <mkletzan@redhat.com>
To: libvir-list@redhat.com
Date: Fri, 25 Aug 2017 13:21:12 +0200
Message-Id: 
 <612d6abbc4cedc42842b440f316a40f0961afffb.1503659798.git.mkletzan@redhat.com>
In-Reply-To: <cover.1503659798.git.mkletzan@redhat.com>
References: <cover.1503659798.git.mkletzan@redhat.com>
In-Reply-To: <cover.1503659798.git.mkletzan@redhat.com>
References: <cover.1503659798.git.mkletzan@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 1/3] conf: Properly truncate wide character
	names in virDomainObjGetShortName
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]);
 Fri, 25 Aug 2017 11:22:10 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0

We always truncated the name at 20 bytes instead of characters.  In
case 20 bytes were in the middle of a multi-byte character, then the
string became invalid and various parts of the code would error
out (e.g. XML parsing of that string).  Let's instead properly
truncate it after 20 characters instead.

We cannot test this in our test suite because we would need to know
what locales are installed on the system where the tests are ran and
if there is supported one (most probably there will be, but we cannot
be 100% sure), we could initialize gettext in qemuxml2argvtest, but
there would still be a chance of getting two different (both valid,
though) results.

In order to test this it is enough to start a machine with a name for
which trimming it after 20 bytes would create invalid sequence (e.g.
1234567890123456789=C4=8D where =C4=8D is any multi-byte character).  Then =
start
the domain and restart libvirtd.  The domain would disappear because
such illegal sequence will not go through the XML parser.  And that's
not a bug of the parser, it should not be in the XML in the first
place, but since we don't use any sophisticated formatter, just
mash some strings together, the formatting succeeds.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1448766

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
---
 src/conf/domain_conf.c | 45 ++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 3 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 47eba4dbb315..dd73158f028b 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -27131,6 +27131,8 @@ virDomainDefHasMemballoon(const virDomainDef *def)
 }
=20
=20
+#define VIR_DOMAIN_SHORT_NAME_MAX 20
+
 /**
  * virDomainObjGetShortName:
  * @vm: Machine for which to get a name
@@ -27141,15 +27143,52 @@ virDomainDefHasMemballoon(const virDomainDef *def)
 char *
 virDomainObjGetShortName(const virDomainDef *def)
 {
-    const int dommaxlen =3D 20;
+    wchar_t wshortname[VIR_DOMAIN_SHORT_NAME_MAX + 1] =3D {0};
+    size_t len =3D 0;
+    char *shortname =3D NULL;
     char *ret =3D NULL;
=20
-    ignore_value(virAsprintf(&ret, "%d-%.*s",
-                             def->id, dommaxlen, def->name));
+    /* No need to do the whole conversion thing when there are no multibyte
+     * characters.  The same applies for illegal sequences as they can occ=
ur
+     * with incompatible locales. */
+    len =3D mbstowcs(NULL, def->name, 0);
+    if ((len =3D=3D (size_t) -1 && errno =3D=3D EILSEQ) ||
+        len =3D=3D strlen(def->name)) {
+        ignore_value(virAsprintf(&ret, "%d-%.*s", def->id,
+                                 VIR_DOMAIN_SHORT_NAME_MAX, def->name));
+        return ret;
+    }
+
+    if (len =3D=3D (size_t) -1 ||
+        mbstowcs(wshortname, def->name, VIR_DOMAIN_SHORT_NAME_MAX) =3D=3D =
(size_t) -1) {
+        virReportError(VIR_ERR_INVALID_ARG, "%s",
+                       _("Cannot convert domain name to wide character str=
ing"));
+        return NULL;
+    }
+
+    len =3D wcstombs(NULL, wshortname, 0);
+    if (len =3D=3D (size_t) -1)
+        return NULL;
=20
+    if (len > VIR_DOMAIN_SHORT_NAME_MAX)
+        len =3D VIR_DOMAIN_SHORT_NAME_MAX;
+
+    if (VIR_ALLOC_N(shortname, len + 1) < 0)
+        return NULL;
+
+    if (wcstombs(shortname, wshortname, len) =3D=3D (size_t) -1) {
+        virReportError(VIR_ERR_INVALID_ARG, "%s",
+                       _("Cannot convert domain name from wide character s=
tring"));
+        goto cleanup;
+    }
+
+    ignore_value(virAsprintf(&ret, "%d-%s", def->id, shortname));
+ cleanup:
+    VIR_FREE(shortname);
     return ret;
 }
=20
+#undef VIR_DOMAIN_SHORT_NAME_MAX
=20
 int
 virDomainGetBlkioParametersAssignFromDef(virDomainDefPtr def,
--=20
2.14.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list