[libvirt] [PATCH] Avoid crash in security driver if model is NULL

Tuesday, 18 January 2011

If the XML security model is NULL, it is assumed that the current
model will be used with dynamic labelling. The verify step is
meaningless and potentially crashes if dereferencing NULL

* src/security/security_manager.c: Skip NULL model on verify
---
 src/security/security_manager.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 66cffb5..1bc0ebb 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -309,6 +309,13 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
 int virSecurityManagerVerify(virSecurityManagerPtr mgr,
                              virDomainDefPtr def)
 {
+    /* NULL model == dynamic labelling, with whatever drive
+     * is active, so we can short circuit verify check to
+     * avoid drivers dereferencing NULLs by accident
+     */
+    if (!secdef->model)
+        return 0;
+
     if (mgr->drv->domainSecurityVerify)
         return mgr->drv->domainSecurityVerify(mgr, def);
 
-- 
1.7.3.4


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005