[PATCH] virConnectAuthCallbackDefault: Return failure if 'virGetPassword' returns NULL
From: Peter Krempa <pkrempa@redhat.com> virGetPassword can return NULL on linux or BSD if it fails. The caller in virConnectAuthCallbackDefault does dereference it unconditionally. Return failure if virGetPassword returns NULL. Fixes: db72866310d1e520efa8ed2d4589bdb5e76a1c95 Closes: https://gitlab.com/libvirt/libvirt/-/issues/777 Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/libvirt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libvirt.c b/src/libvirt.c index 581fc6deea..375d3fa7ef 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -158,7 +158,9 @@ virConnectAuthCallbackDefault(virConnectCredentialPtr cred, if (fflush(stdout) != 0) return -1; - bufptr = virGetPassword(); + if (!(bufptr = virGetPassword())) + return -1; + if (STREQ(bufptr, "")) VIR_FREE(bufptr); break; -- 2.49.0
On Thu, May 29, 2025 at 22:43:20 +0200, Peter Krempa wrote:
From: Peter Krempa <pkrempa@redhat.com>
virGetPassword can return NULL on linux or BSD if it fails. The caller in virConnectAuthCallbackDefault does dereference it unconditionally.
Return failure if virGetPassword returns NULL.
Fixes: db72866310d1e520efa8ed2d4589bdb5e76a1c95 Closes: https://gitlab.com/libvirt/libvirt/-/issues/777 Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/libvirt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
participants (2)
-
Jiri Denemark -
Peter Krempa