[libvirt] [PATCH] util: Avoid libvirtd crash
In fact, the 'tapfd' is always NULL, the function 'virNetDevTapCreate()'
hasn't
assign 'fd' to 'tapfd', when the function 'virNetDevSetMAC()' is
failed then
goto 'error' lable, finally, the VIR_FORCE_CLOSE() will deref a NULL
'tapfd'.
* util/virnetdevtap.c (virNetDevTapCreateInBridgePort): fix a NULL pointer derefing.
* How to reproduce?
$ cat > /tmp/net.xml <<EOF
<network>
<name>test</name>
<forward mode='nat'/>
<bridge name='br1' stp='off' delay='1' />
<mac address='00:00:00:00:00:00'/>
<ip address='192.168.100.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.100.2' end='192.168.100.254' />
</dhcp>
</ip>
</network>
EOF
$ virsh net-define /tmp/net.xml
$ virsh net-start test
error: Failed to start network brTest
error: End of file while reading data: Input/output error
Signed-off-by: Alex Jia <ajia(a)redhat.com>
---
src/util/virnetdevtap.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index 0b3ac46..5d21164 100644
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -341,7 +341,8 @@ int virNetDevTapCreateInBridgePort(const char *brname,
return 0;
error:
- VIR_FORCE_CLOSE(*tapfd);
+ if (tapfd)
+ VIR_FORCE_CLOSE(*tapfd);
return errno;
}
--
1.7.1