[libvirt] [PATCH] Avoid crash in security driver if model is NULL

If the XML security model is NULL, it is assumed that the current model will be used with dynamic labelling. The verify step is meaningless and potentially crashes if dereferencing NULL * src/security/security_manager.c: Skip NULL model on verify --- src/security/security_manager.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 66cffb5..1bc0ebb 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -309,6 +309,13 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr, int virSecurityManagerVerify(virSecurityManagerPtr mgr, virDomainDefPtr def) { + /* NULL model == dynamic labelling, with whatever drive + * is active, so we can short circuit verify check to + * avoid drivers dereferencing NULLs by accident + */ + if (!secdef->model) + return 0; + if (mgr->drv->domainSecurityVerify) return mgr->drv->domainSecurityVerify(mgr, def); -- 1.7.3.4
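Review bot: the added guard `if (!secdef->model)` reads a variable `secdef` that is not declared in the visible lines of virSecurityManagerVerify. The hunk inserts its lines directly after the opening brace, and the only parameters shown are `mgr` and `def`. Declare `secdef` from `def` before the comment, or write the test against `def` directly, so that the check compiles and inspects the same definition that is later passed to `mgr->drv->domainSecurityVerify(mgr, def)`. Because the early `return 0` bypasses the driver's verify callback completely, the comment should also say explicitly that a NULL model is accepted as valid, so a later reader does not take the short circuit for an oversight.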

On 01/18/2011 11:04 AM, Daniel P. Berrange wrote:
If the XML security model is NULL, it is assumed that the current model will be used with dynamic labelling. The verify step is meaningless and potentially crashes if dereferencing NULL
* src/security/security_manager.c: Skip NULL model on verify --- src/security/security_manager.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 66cffb5..1bc0ebb 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -309,6 +309,13 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr, int virSecurityManagerVerify(virSecurityManagerPtr mgr, virDomainDefPtr def) { + /* NULL model == dynamic labelling, with whatever drive
s/drive/driver/

/me repeats to myself: I promise to overlook US vs. UK spelling differences such as labeling, when the difference only occurs in a comment and not in the API or a translated string
+ * is active, so we can short circuit verify check to + * avoid drivers dereferencing NULLs by accident + */
ACK.

--
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
participants (2)
- Daniel P. Berrange
- Eric Blake