Changeset 79677 in vbox for trunk/src/VBox

Timestamp:

Jul 10, 2019 3:45:05 PM (6 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

131994

Message:

Runtime/r3/xml.cpp: Introduce methods which limit the size of element and attribute values when querying them. Just for sanitizing, not that the buffer size is actually limited.
Main/Appliance+ExtPack: Use size checks to play safe with XML sata.

Location:

trunk/src/VBox

Files:

• Main/src-all/ExtPackUtil.cpp (modified) (10 diffs)
• Main/xml/ovfreader.cpp (modified) (18 diffs)
• Runtime/r3/xml.cpp (modified) (2 diffs)

trunk/src/VBox/Main/src-all/ExtPackUtil.cpp

@@ -113 +113 @@
 
     RTCString strFormatVersion;
-    if (!pVBoxExtPackElm->getAttributeValue("version", strFormatVersion))
+    if (!pVBoxExtPackElm->getAttributeValueN("version", strFormatVersion, RT_XML_ATTR_TINY))
         return new RTCString("Missing format version");
     if (!strFormatVersion.equals("1.0"))
@@ -124 +124 @@
     if (!pNameElm)
         return new RTCString("The 'Name' element is missing");
-    const char *pszName = pNameElm->getValue();
+    const char *pszName = pNameElm->getValueN(RT_XML_CONTENT_SMALL);
     if (!VBoxExtPackIsValidName(pszName))
         return &(new RTCString("Invalid name: "))->append(pszName);
@@ -131 +131 @@
     if (!pDescElm)
         return new RTCString("The 'Description' element is missing");
-    const char *pszDesc = pDescElm->getValue();
+    const char *pszDesc = pDescElm->getValueN(RT_XML_CONTENT_LARGE);
     if (!pszDesc || *pszDesc == '\0')
         return new RTCString("The 'Description' element is empty");
@@ -140 +140 @@
     if (!pVersionElm)
         return new RTCString("The 'Version' element is missing");
-    const char *pszVersion = pVersionElm->getValue();
+    const char *pszVersion = pVersionElm->getValueN(RT_XML_CONTENT_SMALL);
     if (!pszVersion || *pszVersion == '\0')
         return new RTCString("The 'Version' element is empty");
@@ -151 +151 @@
 
     const char *pszEdition;
-    if (!pVersionElm->getAttributeValue("edition", pszEdition))
+    if (!pVersionElm->getAttributeValueN("edition", pszEdition, RT_XML_ATTR_TINY))
         pszEdition = "";
     if (!VBoxExtPackIsValidEditionString(pszEdition))
@@ -159 +159 @@
     if (!pMainModuleElm)
         return new RTCString("The 'MainModule' element is missing");
-    const char *pszMainModule = pMainModuleElm->getValue();
+    const char *pszMainModule = pMainModuleElm->getValueN(RT_XML_CONTENT_SMALL);
     if (!pszMainModule || *pszMainModule == '\0')
         return new RTCString("The 'MainModule' element is empty");
@@ -173 +173 @@
     if (pMainVMModuleElm)
     {
-        pszMainVMModule = pMainVMModuleElm->getValue();
+        pszMainVMModule = pMainVMModuleElm->getValueN(RT_XML_CONTENT_SMALL);
         if (!pszMainVMModule || *pszMainVMModule == '\0')
             pszMainVMModule = NULL;
@@ -188 +188 @@
     if (pVrdeModuleElm)
     {
-        pszVrdeModule = pVrdeModuleElm->getValue();
+        pszVrdeModule = pVrdeModuleElm->getValueN(RT_XML_CONTENT_SMALL);
         if (!pszVrdeModule || *pszVrdeModule == '\0')
             pszVrdeModule = NULL;
@@ -282 +282 @@
      * Hand the xml doc over to the common code.
      */
-    return vboxExtPackLoadDescFromDoc(&Doc, a_pExtPackDesc);
+    try
+    {
+        return vboxExtPackLoadDescFromDoc(&Doc, a_pExtPackDesc);
+    }
+    catch (RTCError &rXcpt)      // includes all XML exceptions
+    {
+        return new RTCString(rXcpt.what());
+    }
 }
 
@@ -358 +365 @@
      */
     if (RT_SUCCESS(rc))
-        pstrErr = vboxExtPackLoadDescFromDoc(&Doc, a_pExtPackDesc);
+        try
+        {
+            pstrErr = vboxExtPackLoadDescFromDoc(&Doc, a_pExtPackDesc);
+        }
+        catch (RTCError &rXcpt)      // includes all XML exceptions
+        {
+            return new RTCString(rXcpt.what());
+        }
 
     return pstrErr;

trunk/src/VBox/Main/xml/ovfreader.cpp

@@ -107 +107 @@
     if ((pTypeAttr = pRootElem->findAttribute("lang", "xml")))
     {
-        pcszTypeAttr = pTypeAttr->getValue();
+        pcszTypeAttr = pTypeAttr->getValueN(RT_XML_ATTR_TINY);
         m_envelopeData.lang = pcszTypeAttr;
     }
@@ -148 +148 @@
         const char *pcszElemName = pElem->getName();
         const xml::AttributeNode *pTypeAttr = pElem->findAttribute("type");
-        const char *pcszTypeAttr = pTypeAttr ? pTypeAttr->getValue() : "";
+        const char *pcszTypeAttr = pTypeAttr ? pTypeAttr->getValueN(RT_XML_ATTR_TINY) : "";
 
         if (    !strcmp(pcszElemName, "DiskSection")
@@ -226 +226 @@
         const char *pcszDiskId;
         const char *pcszFormat;
-        if (!pelmDisk->getAttributeValue("diskId", pcszDiskId))
+        if (!pelmDisk->getAttributeValueN("diskId", pcszDiskId, RT_XML_ATTR_TINY))
             pcszBad = "diskId";
-        else if (!pelmDisk->getAttributeValue("format", pcszFormat))
+        else if (!pelmDisk->getAttributeValueN("format", pcszFormat, RT_XML_ATTR_SMALL))
             pcszBad = "format";
         else if (!pelmDisk->getAttributeValue("capacity", d.iCapacity))
@@ -242 +242 @@
 
             // optional vbox:uuid attribute (if OVF was exported by VirtualBox != 3.2)
-            pelmDisk->getAttributeValue("uuid", d.uuidVBox, "vbox");
+            pelmDisk->getAttributeValueN("uuid", d.uuidVBox, RT_XML_ATTR_TINY, "vbox");
 
             const char *pcszFileRef;
-            if (pelmDisk->getAttributeValue("fileRef", pcszFileRef)) // optional
+            if (pelmDisk->getAttributeValueN("fileRef", pcszFileRef, RT_XML_ATTR_SMALL)) // optional
             {
                 // look up corresponding /References/File nodes (list built above)
@@ -257 +257 @@
                     const char *pcszBadInFile = NULL;
                     const char *pcszHref;
-                    if (!pFileElem->getAttributeValue("href", pcszHref))
+                    if (!pFileElem->getAttributeValueN("href", pcszHref, RT_XML_ATTR_SMALL))
                         pcszBadInFile = "href";
                     else if (!pFileElem->getAttributeValue("size", d.iSize))
@@ -267 +267 @@
                     d.iChunkSize = -1;       // optional
                     const char *pcszCompression;
-                    if (pFileElem->getAttributeValue("compression", pcszCompression))
+                    if (pFileElem->getAttributeValueN("compression", pcszCompression, RT_XML_ATTR_TINY))
                         d.strCompression = pcszCompression;
 
@@ -350 +350 @@
     const xml::AttributeNode *pIdAttr = pelmVirtualSystem->findAttribute("id");
     if (pIdAttr)
-        vsys.strName = pIdAttr->getValue();
+        vsys.strName = pIdAttr->getValueN(RT_XML_ATTR_SMALL);
 
     xml::NodesLoop loop(*pelmVirtualSystem);      // all child elements
@@ -362 +362 @@
             const xml::AttributeNode *pTypeAttr = pelmThis->findAttribute("type");
             if (pTypeAttr)
-                pcszTypeAttr = pTypeAttr->getValue();
+                pcszTypeAttr = pTypeAttr->getValueN(RT_XML_ATTR_TINY);
             else
                 throw OVFLogicError(N_("Error reading \"%s\": element \"Section\" has no \"type\" attribute, line %d"),
@@ -380 +380 @@
             const xml::ElementNode *pelmLicense;
             if ((pelmLicense = pelmThis->findChildElement("License")))
-                vsys.strLicenseText = pelmLicense->getValue();
+                vsys.strLicenseText = pelmLicense->getValueN(RT_XML_CONTENT_LARGE);
         }
         if (    !strcmp(pcszElemName, "ProductSection")
@@ -396 +396 @@
             const xml::ElementNode *pelmProduct;
             if ((pelmProduct = pelmThis->findChildElement("Product")))
-                vsys.strProduct = pelmProduct->getValue();
+                vsys.strProduct = pelmProduct->getValueN(RT_XML_CONTENT_SMALL);
             const xml::ElementNode *pelmVendor;
             if ((pelmVendor = pelmThis->findChildElement("Vendor")))
-                vsys.strVendor = pelmVendor->getValue();
+                vsys.strVendor = pelmVendor->getValueN(RT_XML_CONTENT_SMALL);
             const xml::ElementNode *pelmVersion;
             if ((pelmVersion = pelmThis->findChildElement("Version")))
-                vsys.strVersion = pelmVersion->getValue();
+                vsys.strVersion = pelmVersion->getValueN(RT_XML_CONTENT_SMALL);
             const xml::ElementNode *pelmProductUrl;
             if ((pelmProductUrl = pelmThis->findChildElement("ProductUrl")))
-                vsys.strProductUrl = pelmProductUrl->getValue();
+                vsys.strProductUrl = pelmProductUrl->getValueN(RT_XML_CONTENT_SMALL);
             const xml::ElementNode *pelmVendorUrl;
             if ((pelmVendorUrl = pelmThis->findChildElement("VendorUrl")))
-                vsys.strVendorUrl = pelmVendorUrl->getValue();
+                vsys.strVendorUrl = pelmVendorUrl->getValueN(RT_XML_CONTENT_SMALL);
         }
         else if (    !strcmp(pcszElemName, "VirtualHardwareSection")
@@ -425 +425 @@
                 </System>*/
                 if ((pelmVirtualSystemType = pelmSystem->findChildElement("VirtualSystemType")))
-                    vsys.strVirtualSystemType = pelmVirtualSystemType->getValue();
+                    vsys.strVirtualSystemType = pelmVirtualSystemType->getValueN(RT_XML_CONTENT_SMALL);
             }
 
@@ -792 +792 @@
             const xml::ElementNode *pelmCIMOSDescription;
             if ((pelmCIMOSDescription = pelmThis->findChildElement("Description")))
-                vsys.strCimosDesc = pelmCIMOSDescription->getValue();
+                vsys.strCimosDesc = pelmCIMOSDescription->getValueN(RT_XML_CONTENT_SMALL);
 
             const xml::ElementNode *pelmVBoxOSType;
             if ((pelmVBoxOSType = pelmThis->findChildElementNS("vbox",            // namespace
                                                                "OSType")))        // element name
-                vsys.strTypeVBox = pelmVBoxOSType->getValue();
+                vsys.strTypeVBox = pelmVBoxOSType->getValueN(RT_XML_CONTENT_SMALL);
         }
         else if (    (!strcmp(pcszElemName, "AnnotationSection"))
@@ -805 +805 @@
             const xml::ElementNode *pelmAnnotation;
             if ((pelmAnnotation = pelmThis->findChildElement("Annotation")))
-                vsys.strDescription = pelmAnnotation->getValue();
+                vsys.strDescription = pelmAnnotation->getValueN(RT_XML_CONTENT_SMALL);
         }
     }
@@ -818 +818 @@
         const char *pcszItemChildName = pelmItemChild->getName();
         if (!strcmp(pcszItemChildName, "Description"))
-            strDescription = pelmItemChild->getValue();
+            strDescription = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "Caption"))
-            strCaption = pelmItemChild->getValue();
+            strCaption = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "ElementName"))
-            strElementName = pelmItemChild->getValue();
+            strElementName = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (   !strcmp(pcszItemChildName, "InstanceID")
                  || !strcmp(pcszItemChildName, "InstanceId") )
             pelmItemChild->copyValue(ulInstanceID);
         else if (!strcmp(pcszItemChildName, "HostResource"))
-            strHostResource = pelmItemChild->getValue();
+            strHostResource = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "ResourceType"))
         {
@@ -835 +835 @@
             fResourceRequired = true;
             const char *pcszAttValue;
-            if (item->getAttributeValue("required", pcszAttValue))
+            if (item->getAttributeValueN("required", pcszAttValue, RT_XML_ATTR_TINY))
             {
                 if (!strcmp(pcszAttValue, "false"))
@@ -842 +842 @@
         }
         else if (!strcmp(pcszItemChildName, "OtherResourceType"))
-            strOtherResourceType = pelmItemChild->getValue();
+            strOtherResourceType = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "ResourceSubType"))
-            strResourceSubType = pelmItemChild->getValue();
+            strResourceSubType = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "AutomaticAllocation"))
-            fAutomaticAllocation = (!strcmp(pelmItemChild->getValue(), "true")) ? true : false;
+            fAutomaticAllocation = (!strcmp(pelmItemChild->getValueN(RT_XML_CONTENT_SMALL), "true")) ? true : false;
         else if (!strcmp(pcszItemChildName, "AutomaticDeallocation"))
-            fAutomaticDeallocation = (!strcmp(pelmItemChild->getValue(), "true")) ? true : false;
+            fAutomaticDeallocation = (!strcmp(pelmItemChild->getValueN(RT_XML_CONTENT_SMALL), "true")) ? true : false;
         else if (!strcmp(pcszItemChildName, "Parent"))
             pelmItemChild->copyValue(ulParent);
         else if (!strcmp(pcszItemChildName, "Connection"))
-            strConnection = pelmItemChild->getValue();
+            strConnection = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "Address"))
         {
-            strAddress = pelmItemChild->getValue();
+            strAddress = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
             pelmItemChild->copyValue(lAddress);
         }
         else if (!strcmp(pcszItemChildName, "AddressOnParent"))
-            strAddressOnParent = pelmItemChild->getValue();
+            strAddressOnParent = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "AllocationUnits"))
-            strAllocationUnits = pelmItemChild->getValue();
+            strAllocationUnits = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "VirtualQuantity"))
             pelmItemChild->copyValue(ullVirtualQuantity);
@@ -871 +871 @@
             pelmItemChild->copyValue(ullWeight);
         else if (!strcmp(pcszItemChildName, "ConsumerVisibility"))
-            strConsumerVisibility = pelmItemChild->getValue();
+            strConsumerVisibility = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "MappingBehavior"))
-            strMappingBehavior = pelmItemChild->getValue();
+            strMappingBehavior = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "PoolID"))
-            strPoolID = pelmItemChild->getValue();
+            strPoolID = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "BusNumber"))
             pelmItemChild->copyValue(ulBusNumber);
@@ -921 +921 @@
         const char *pcszItemChildName = pelmItemChild->getName();
         if (!strcmp(pcszItemChildName, "HostExtentName"))
-            strHostExtentName = pelmItemChild->getValue();
+            strHostExtentName = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "OtherHostExtentNameFormat"))
-            strOtherHostExtentNameFormat = pelmItemChild->getValue();
+            strOtherHostExtentNameFormat = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "OtherHostExtentNameNamespace"))
-            strOtherHostExtentNameNamespace = pelmItemChild->getValue();
+            strOtherHostExtentNameNamespace = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "VirtualQuantityUnits"))
-            strVirtualQuantityUnits = pelmItemChild->getValue();
+            strVirtualQuantityUnits = pelmItemChild->getValueN(RT_XML_CONTENT_SMALL);
         else if (!strcmp(pcszItemChildName, "Access"))
         {

trunk/src/VBox/Runtime/r3/xml.cpp

@@ -565 +565 @@
 
 /**
+ * Returns the value of a node. If this node is an attribute, returns
+ * the attribute value; if this node is an element, then this returns
+ * the element text content.
+ * @return
+ * @param   cchValueLimit   If the length of the returned value exceeds this
+ *                          limit a EIPRTFailure exception will be thrown.
+ */
+const char *Node::getValueN(size_t cchValueLimit) const
+{
+    if (   m_pLibAttr
+        && m_pLibAttr->children
+        )
+    {
+        // libxml hides attribute values in another node created as a
+        // single child of the attribute node, and it's in the content field
+        AssertStmt(strlen((const char *)m_pLibAttr->children->content) <= cchValueLimit, throw EIPRTFailure(VERR_BUFFER_OVERFLOW, "Attribute '%s' exceeds limit of %zu bytes", m_pcszName, cchValueLimit));
+        return (const char *)m_pLibAttr->children->content;
+    }
+
+    if (   m_pLibNode
+        && m_pLibNode->children)
+    {
+        AssertStmt(strlen((const char *)m_pLibNode->children->content) <= cchValueLimit, throw EIPRTFailure(VERR_BUFFER_OVERFLOW, "Element '%s' exceeds limit of %zu bytes", m_pcszName, cchValueLimit));
+        return (const char *)m_pLibNode->children->content;
+    }
+
+    return NULL;
+}
+
+/**
  * Copies the value of a node into the given integer variable.
  * Returns TRUE only if a value was found and was actually an
@@ -1152 +1182 @@
             return true;
         }
+    }
+
+    return false;
+}
+
+/**
+ * Convenience method which attempts to find the attribute with the given
+ * name and returns its value as a string.
+ *
+ * @param   pcszMatch       Name of attribute to find.
+ * @param   ppcsz           Where to return the attribute.
+ * @param   cchValueLimit   If the length of the returned value exceeds this
+ *                          limit a EIPRTFailure exception will be thrown.
+ * @param   pcszNamespace   The attribute name space prefix or NULL.
+ * @returns Boolean success indicator.
+ */
+bool ElementNode::getAttributeValueN(const char *pcszMatch, const char **ppcsz, size_t cchValueLimit, const char *pcszNamespace /*= NULL*/) const
+{
+    const AttributeNode *pAttr = findAttribute(pcszMatch, pcszNamespace);
+    if (pAttr)
+    {
+        *ppcsz = pAttr->getValueN(cchValueLimit);
+        return true;
+    }
+    return false;
+}
+
+/**
+ * Convenience method which attempts to find the attribute with the given
+ * name and returns its value as a string.
+ *
+ * @param   pcszMatch       Name of attribute to find.
+ * @param   pStr            Pointer to the string object that should receive the
+ *                          attribute value.
+ * @param   cchValueLimit   If the length of the returned value exceeds this
+ *                          limit a EIPRTFailure exception will be thrown.
+ * @param   pcszNamespace   The attribute name space prefix or NULL.
+ * @returns Boolean success indicator.
+ *
+ * @throws  Whatever the string class may throw on assignment.
+ */
+bool ElementNode::getAttributeValueN(const char *pcszMatch, RTCString *pStr, size_t cchValueLimit, const char *pcszNamespace /*= NULL*/) const
+{
+    const AttributeNode *pAttr = findAttribute(pcszMatch, pcszNamespace);
+    if (pAttr)
+    {
+        *pStr = pAttr->getValueN(cchValueLimit);
+        return true;
+    }
+
+    return false;
+}
+
+/**
+ * Like getAttributeValue (ministring variant), but makes sure that all backslashes
+ * are converted to forward slashes.
+ *
+ * @param   pcszMatch       Name of attribute to find.
+ * @param   pStr            Pointer to the string object that should
+ *                          receive the attribute path value.
+ * @param   cchValueLimit   If the length of the returned value exceeds this
+ *                          limit a EIPRTFailure exception will be thrown.
+ * @param   pcszNamespace   The attribute name space prefix or NULL.
+ * @returns Boolean success indicator.
+ */
+bool ElementNode::getAttributeValuePathN(const char *pcszMatch, RTCString *pStr, size_t cchValueLimit, const char *pcszNamespace /*= NULL*/) const
+{
+    if (getAttributeValueN(pcszMatch, pStr, cchValueLimit, pcszNamespace))
+    {
+        pStr->findReplace('\\', '/');
+        return true;
     }