[Libvir] Re: PATCH: BZ 427107: fix crash wrt auth callback
On Wed, Jan 02, 2008 at 12:31:56PM +0000, Daniel P. Berrange wrote:
If the application does not supply an authentication callback, and
tries to
connect to a server with PolicyKit auth turned on it will try to deference
a NULL pointer with predictably crashtastic results:
https://bugzilla.redhat.com/show_bug.cgi?id=427107
This patch has been tested by bug reporter to fix the issue
Here is a second patch which fixes the same issue in the SASL client code
too
Dan.
diff -rupN libvirt-0.4.0.orig/src/remote_internal.c
libvirt-0.4.0.new/src/remote_internal.c
--- libvirt-0.4.0.orig/src/remote_internal.c 2008-01-11 10:39:34.000000000 -0500
+++ libvirt-0.4.0.new/src/remote_internal.c 2008-01-11 10:43:12.000000000 -0500
@@ -3054,8 +3054,12 @@ remoteAuthSASL (virConnectPtr conn, stru
if ((remoteAddr = addrToString(&sa, salen)) == NULL)
goto cleanup;
- if ((saslcb = remoteAuthMakeCallbacks(auth->credtype, auth->ncredtype)) ==
NULL)
- goto cleanup;
+ if (auth) {
+ if ((saslcb = remoteAuthMakeCallbacks(auth->credtype, auth->ncredtype)) ==
NULL)
+ goto cleanup;
+ } else {
+ saslcb = NULL;
+ }
/* Setup a handle for being a client */
err = sasl_client_new("libvirt",
@@ -3168,15 +3172,21 @@ remoteAuthSASL (virConnectPtr conn, stru
goto cleanup;
}
/* Run the authentication callback */
- if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) {
+ if (auth && auth->cb) {
+ if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) {
+ __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+ VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0,
0,
+ "Failed to collect auth credentials");
+ goto cleanup;
+ }
+ remoteAuthFillInteract(cred, interact);
+ goto restart;
+ } else {
__virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
- "Failed to collect auth credentials");
+ "No authentication callback available");
goto cleanup;
- return -1;
}
- remoteAuthFillInteract(cred, interact);
- goto restart;
}
free(iret.mechlist);
@@ -3240,15 +3250,22 @@ remoteAuthSASL (virConnectPtr conn, stru
return -1;
}
/* Run the authentication callback */
- if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) {
+ if (auth && auth->cb) {
+ if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) {
+ __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+ VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL,
NULL, 0, 0,
+ "Failed to collect auth credentials");
+ goto cleanup;
+ return -1;
+ }
+ remoteAuthFillInteract(cred, interact);
+ goto restep;
+ } else {
__virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0,
0,
- "Failed to collect auth credentials");
+ "No authentication callback available");
goto cleanup;
- return -1;
}
- remoteAuthFillInteract(cred, interact);
- goto restep;
}
if (serverin) {
@@ -3319,7 +3336,8 @@ remoteAuthSASL (virConnectPtr conn, stru
if (remoteAddr) free(remoteAddr);
if (serverin) free(serverin);
- free(saslcb);
+ if (saslcb)
+ free(saslcb);
remoteAuthFreeCredentials(cred, ncred);
if (ret != 0 && saslconn)
sasl_dispose(&saslconn);
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|