Re: [PATCH] secret: Check length of value in secret object
On Tue, Jan 14, 2025 at 03:06:09PM +0100, Adam Julis wrote:
Ensure that the value in the secret object is validated not only for
NULL
but also for its size. An empty value may not always be NULL, if it has
been manually deleted from the .base64 file.
This sounds a bit wierd - can you explain in more detail what the bug
scenario is ?
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
src/conf/virsecretobj.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c
index 455798d414..3cb1ec2b4b 100644
--- a/src/conf/virsecretobj.c
+++ b/src/conf/virsecretobj.c
@@ -719,7 +719,7 @@ virSecretObjGetValue(virSecretObj *obj)
virSecretDef *def = obj->def;
unsigned char *ret = NULL;
- if (!obj->value) {
+ if (!obj->value || (obj->value_size < 1 )) {
My gut feeling is that if there is a bug, then it lies in whatever
code created the non-NULL obj->value PTR, while setting value_size == 0
IOW, fix the place that created the bad data originally, rather than
the place were we access it.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|