On 05/25/2013 09:24 AM, Roman Bogorodskiy wrote:
Implementation uses SIOCIFCREATE2 and SIOCIFDESTROY ioctls.
---
src/util/virnetdevtap.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 114 insertions(+), 2 deletions(-)
+ /* In case we were given exact interface name (e.g.
'vnetN'),
+ * we just rename to it. If we have format string like
+ * 'vnet%d', we need to find the first available name that
+ * matches this pattern
+ */
+ if (strstr(*ifname, "%d") != NULL) {
+ int i;
+ for (i = 0; i <= IF_MAXUNIT; i++) {
+ char *newname;
+ if (virAsprintf(&newname, *ifname, i) < 0) {
Are we POSITIVE that this string is sanitized to have exactly one %d, or
is there a risk that *ifname is user-supplied and can be used to exploit us?
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ if (virNetDevExists(newname) == 0) {
+ newifname = newname;
+ break;
+ }
+ }
Memory leak if you go through the loop more than once. You must free
newname on each failed iteration.
The rest of the code compiles fine on my FreeBSD VM, although I'm not
sure how to test it. It looks like a fixed version would make sense for
1.0.7 (although you may need someone else to step in and commit if I'm
still on my vacation at the time we hit code freeze).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org