On Tue, Jan 14, 2025 at 03:06:09PM +0100, Adam Julis wrote:
Ensure that the value in the secret object is validated not only for NULL but also for its size. An empty value may not always be NULL, if it has been manually deleted from the .base64 file.
This sounds a bit wierd - can you explain in more detail what the bug scenario is ?
Signed-off-by: Adam Julis <ajulis@redhat.com> --- src/conf/virsecretobj.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c index 455798d414..3cb1ec2b4b 100644 --- a/src/conf/virsecretobj.c +++ b/src/conf/virsecretobj.c @@ -719,7 +719,7 @@ virSecretObjGetValue(virSecretObj *obj) virSecretDef *def = obj->def; unsigned char *ret = NULL;
- if (!obj->value) { + if (!obj->value || (obj->value_size < 1 )) {
My gut feeling is that if there is a bug, then it lies in whatever code created the non-NULL obj->value PTR, while setting value_size == 0 IOW, fix the place that created the bad data originally, rather than the place were we access it. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|