9:53 a.m.
---
src/security/security_apparmor.c | 20 ++--------
src/security/security_dac.c | 23 ++++--------
src/security/security_nop.c | 7 +---
src/security/security_selinux.c | 79 +++++++++++-----------------------------
src/security/virt-aa-helper.c | 4 +-
5 files changed, 37 insertions(+), 96 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 5fb5db3..84faebd 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -446,24 +446,15 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
if ((profile_name = get_profile_name(def)) == NULL)
return rc;
- secdef->label = strndup(profile_name, strlen(profile_name));
- if (!secdef->label) {
- virReportOOMError();
+ if (VIR_STRDUP(secdef->label, profile_name) < 0)
goto clean;
- }
/* set imagelabel the same as label (but we won't use it) */
- secdef->imagelabel = strndup(profile_name,
- strlen(profile_name));
- if (!secdef->imagelabel) {
- virReportOOMError();
+ if (VIR_STRDUP(secdef->imagelabel, profile_name) < 0)
goto err;
- }
- if (!secdef->model && !(secdef->model =
strdup(SECURITY_APPARMOR_NAME))) {
- virReportOOMError();
+ if (!secdef->model && VIR_STRDUP(secdef->model, SECURITY_APPARMOR_NAME)
< 0)
goto err;
- }
/* Now that we have a label, load the profile into the kernel. */
if (load_profile(mgr, secdef->label, def, NULL, false) < 0) {
@@ -933,10 +924,7 @@ AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
{
char *opts;
- if (!(opts = strdup(""))) {
- virReportOOMError();
- return NULL;
- }
+ ignore_value(VIR_STRDUP(opts, ""));
return opts;
}
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index cd214d8..c894517 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -76,11 +76,8 @@ int parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
char *owner = NULL;
char *group = NULL;
- tmp_label = strdup(label);
- if (tmp_label == NULL) {
- virReportOOMError();
+ if (VIR_STRDUP(tmp_label, label) < 0)
goto cleanup;
- }
/* Split label */
sep = strchr(tmp_label, ':');
@@ -1051,18 +1048,12 @@ virSecurityDACGenLabel(virSecurityManagerPtr mgr,
return rc;
}
- if (!seclabel->norelabel) {
- if (seclabel->imagelabel == NULL && seclabel->label != NULL) {
- seclabel->imagelabel = strdup(seclabel->label);
- if (seclabel->imagelabel == NULL) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot generate dac user and group id "
- "for domain %s"), def->name);
- VIR_FREE(seclabel->label);
- seclabel->label = NULL;
- return rc;
- }
- }
+ if (!seclabel->norelabel &&
+ seclabel->imagelabel == NULL && seclabel->label != NULL &&
+ VIR_STRDUP(seclabel->imagelabel, seclabel->label) < 0) {
+ VIR_FREE(seclabel->label);
+ seclabel->label = NULL;
+ return rc;
}
return 0;
diff --git a/src/security/security_nop.c b/src/security/security_nop.c
index 2b9767e..233404c 100644
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -20,7 +20,7 @@
#include <config.h>
#include "security_nop.h"
-
+#include "virstring.h"
#include "virerror.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
@@ -182,10 +182,7 @@ static char
*virSecurityDomainGetMountOptionsNop(virSecurityManagerPtr mgr ATTRI
{
char *opts;
- if (!(opts = strdup(""))) {
- virReportOOMError();
- return NULL;
- }
+ ignore_value(VIR_STRDUP(opts, ""));
return opts;
}
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a85f0a3..dcec32b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -202,10 +202,8 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
goto cleanup;
}
- if (!(*sens = strdup(context_range_get(ourContext)))) {
- virReportOOMError();
+ if (VIR_STRDUP(*sens, context_range_get(ourContext)) < 0)
goto cleanup;
- }
/* Find and blank out the category part (if any) */
tmp = strchr(*sens, ':');
@@ -312,10 +310,7 @@ virSecuritySELinuxContextAddRange(security_context_t src,
goto cleanup;
}
- if (!(ret = strdup(str))) {
- virReportOOMError();
- goto cleanup;
- }
+ ignore_value(VIR_STRDUP(ret, str));
cleanup:
if (srccon) context_free(srccon);
@@ -385,10 +380,8 @@ virSecuritySELinuxGenNewContext(const char *basecontext,
_("Unable to format SELinux context"));
goto cleanup;
}
- if (!(ret = strdup(str))) {
- virReportOOMError();
+ if (VIR_STRDUP(ret, str) < 0)
goto cleanup;
- }
VIR_DEBUG("Generated context '%s'", ret);
cleanup:
freecon(ourSecContext);
@@ -451,17 +444,10 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
goto error;
}
- data->domain_context = strdup(scon->str);
- data->file_context = strdup(tcon->str);
- data->content_context = strdup(dcon->str);
- if (!data->domain_context ||
- !data->file_context ||
- !data->content_context) {
- virReportSystemError(errno,
- _("cannot allocate memory for LXC SELinux contexts
'%s'"),
- selinux_lxc_contexts_path());
+ if (VIR_STRDUP(data->domain_context, scon->str) < 0 ||
+ VIR_STRDUP(data->file_context, tcon->str) < 0 ||
+ VIR_STRDUP(data->content_context, dcon->str) < 0)
goto error;
- }
if (!(data->mcs = virHashCreate(10, NULL)))
goto error;
@@ -520,11 +506,8 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
*ptr = '\0';
ptr++;
if (*ptr != '\0') {
- data->alt_domain_context = strdup(ptr);
- if (!data->alt_domain_context) {
- virReportOOMError();
+ if (VIR_STRDUP(data->alt_domain_context, ptr) < 0)
goto error;
- }
ptr = strchrnul(data->alt_domain_context, '\n');
if (ptr && *ptr == '\n')
*ptr = '\0';
@@ -544,11 +527,8 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
ptr = strchrnul(data->file_context, '\n');
if (ptr && *ptr == '\n') {
*ptr = '\0';
- data->content_context = strdup(ptr+1);
- if (!data->content_context) {
- virReportOOMError();
+ if (VIR_STRDUP(data->content_context, ptr+1) < 0)
goto error;
- }
ptr = strchrnul(data->content_context, '\n');
if (ptr && *ptr == '\n')
*ptr = '\0';
@@ -643,11 +623,12 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
}
range = context_range_get(ctx);
- if (!range ||
- !(mcs = strdup(range))) {
+ if (!range) {
virReportOOMError();
goto cleanup;
}
+ if (VIR_STRDUP(mcs, range) < 0)
+ goto cleanup;
break;
case VIR_DOMAIN_SECLABEL_DYNAMIC:
@@ -711,10 +692,8 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
}
if (!seclabel->model &&
- !(seclabel->model = strdup(SECURITY_SELINUX_NAME))) {
- virReportOOMError();
+ VIR_STRDUP(seclabel->model, SECURITY_SELINUX_NAME) < 0)
goto cleanup;
- }
rc = 0;
@@ -1391,10 +1370,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def,
return -1;
}
} else {
- if (!(path = strdup(dev->source.caps.u.storage.block))) {
- virReportOOMError();
+ if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0)
return -1;
- }
}
ret = virSecuritySELinuxSetFilecon(path, secdef->imagelabel);
VIR_FREE(path);
@@ -1409,10 +1386,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def,
return -1;
}
} else {
- if (!(path = strdup(dev->source.caps.u.misc.chardev))) {
- virReportOOMError();
+ if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0)
return -1;
- }
}
ret = virSecuritySELinuxSetFilecon(path, secdef->imagelabel);
VIR_FREE(path);
@@ -1559,10 +1534,8 @@
virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
return -1;
}
} else {
- if (!(path = strdup(dev->source.caps.u.storage.block))) {
- virReportOOMError();
+ if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0)
return -1;
- }
}
ret = virSecuritySELinuxRestoreSecurityFileLabel(mgr, path);
VIR_FREE(path);
@@ -1577,10 +1550,8 @@
virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
return -1;
}
} else {
- if (!(path = strdup(dev->source.caps.u.misc.chardev))) {
- virReportOOMError();
+ if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0)
return -1;
- }
}
ret = virSecuritySELinuxRestoreSecurityFileLabel(mgr, path);
VIR_FREE(path);
@@ -2366,7 +2337,7 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
const char *range;
context_t ctx = NULL;
char *label = NULL;
- const char *mcs = NULL;
+ char *mcs = NULL;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
if (secdef == NULL)
@@ -2380,11 +2351,8 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
}
range = context_range_get(ctx);
if (range) {
- mcs = strdup(range);
- if (!mcs) {
- virReportOOMError();
+ if (VIR_STRDUP(mcs, range) < 0)
goto cleanup;
- }
if (!(label = virSecuritySELinuxGenNewContext(data->file_context,
mcs, true)))
goto cleanup;
@@ -2392,9 +2360,9 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
}
cleanup:
- context_free(ctx);
- VIR_FREE(mcs);
- return label;
+ context_free(ctx);
+ VIR_FREE(mcs);
+ return label;
}
static char *
@@ -2417,11 +2385,8 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr
mgr,
}
}
- if (!opts &&
- !(opts = strdup(""))) {
- virReportOOMError();
+ if (!opts && VIR_STRDUP(opts, "") < 0)
return NULL;
- }
VIR_DEBUG("imageLabel=%s opts=%s",
secdef ? secdef->imagelabel : "(null)", opts);
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index b526919..63594ce 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -773,7 +773,7 @@ vah_add_file(virBufferPtr buf, const char *path, const char *perms)
return rc;
}
} else
- if ((tmp = strdup(path)) == NULL)
+ if (VIR_STRDUP_QUIET(tmp, path) < 0)
return rc;
if (strchr(perms, 'w') != NULL)
@@ -1103,7 +1103,7 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
break;
case 'f':
case 'F':
- if ((ctl->newfile = strdup(optarg)) == NULL)
+ if (VIR_STRDUP_QUIET(ctl->newfile, optarg) < 0)
vah_error(ctl, 1, _("could not allocate memory for
disk"));
ctl->append = arg == 'F';
break;
--
1.8.1.5