--- a/src/domain_conf.c +++ b/src/domain_conf.c @@ -1859,12 +1859,28 @@ virSecurityLabelDefParseXML(virConnectPtr conn, if (virXPathNode(conn, "./seclabel", ctxt) == NULL) return 0; + p = virXPathStringLimit(conn, "string(./seclabel/@model)", + VIR_SECURITY_MODEL_BUFLEN-1, ctxt); + if (p == NULL) { + virDomainReportError(conn, VIR_ERR_XML_ERROR, + "%s", _("missing seclabel model")); + goto error; + } + def->seclabel.model = p; + p = virXPathStringLimit(conn, "string(./seclabel/@type)", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); - if (p == NULL) + if (p == NULL) { + virDomainReportError(conn, VIR_ERR_XML_ERROR, + "%s", _("missing seclabel type")); goto error; - if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0) + } + + if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0) { + virDomainReportError(conn, VIR_ERR_XML_ERROR, + _("unknown seclabel type %s"), p); goto error; + } VIR_FREE(p); /* Only parse details, if using static labels, or @@ -1872,16 +1888,14 @@ virSecurityLabelDefParseXML(virConnectPtr conn, */ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC || !(flags & VIR_DOMAIN_XML_INACTIVE)) { - p = virXPathStringLimit(conn, "string(./seclabel/@model)", - VIR_SECURITY_MODEL_BUFLEN-1, ctxt); - if (p == NULL) - goto error; - def->seclabel.model = p; p = virXPathStringLimit(conn, "string(./seclabel/label[1])", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); - if (p == NULL) - goto error; + if (p == NULL) { + virDomainReportError(conn, VIR_ERR_XML_ERROR, + _("seclabel label is too long")); + goto error; + } def->seclabel.label = p; } @@ -1890,8 +1904,11 @@ virSecurityLabelDefParseXML(virConnectPtr conn, !(flags & VIR_DOMAIN_XML_INACTIVE)) { p = virXPathStringLimit(conn, "string(./seclabel/imagelabel[1])", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); - if (p == NULL) + if (p == NULL) { + virDomainReportError(conn, VIR_ERR_XML_ERROR, + _("seclabel image label is too long")); goto error; + } def->seclabel.imagelabel = p; } diff --git a/src/security_selinux.c b/src/security_selinux.c index 1708d55..5937f48 100644