From 076dd379958ff55ef7e39d7f6a7a1c9efded2a77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Tue, 28 Apr 2015 17:07:20 +0200
Subject: [PATCH] Ignore bridge template names with multiple printf conversions

For some reason, we allow a bridge name with %d in it, which we replace
with an unsigned integer to form a bridge name that does not yet exist
on the host.

Do not blindly pass it to virAsprintf if it's not the only conversion,
to prevent crashing on input like:

<network>
  <name>test</name>
  <forward mode='none'/>
  <bridge name='virbr%d%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s'/>
</network>

Ignore any template strings that do not have exactly one %d conversion,
like we do in various drivers before calling virNetDevTapCreateInBridgePort.
---
 src/network/bridge_driver.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 3b879cd42b..4b5347513e 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2775,7 +2775,13 @@ networkFindUnusedBridgeName(virNetworkObjListPtr nets,
 
     int ret = -1, id = 0;
     char *newname = NULL;
-    const char *templ = def->bridge ? def->bridge : "virbr%d";
+    const char *templ = "virbr%d";
+    const char *p;
+
+    if (def->bridge &&
+        (p = strchr(def->bridge, '%')) == strrchr(def->bridge, '%') &&
+        p[1] == 'd')
+        templ = def->bridge;
 
     do {
         if (virAsprintf(&newname, templ, id) < 0)