From: "Daniel P. Berrange" <berrange@redhat.com> Code that validates the whitelist for the RNG device filename didn't account for fact that filename may be NULL. This led to a NULL reference crash. This wasn't caught since the test suite was not covering this XML syntax Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/conf/domain_conf.c | 3 ++- .../qemuxml2argv-virtio-rng-default.args | 6 ++++++ .../qemuxml2argv-virtio-rng-default.xml | 23 ++++++++++++++++++++++ tests/qemuxml2argvtest.c | 2 ++ 4 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index f7c8af1..3c4e043 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -7424,7 +7424,8 @@ virDomainRNGDefParseXML(const xmlNodePtr node, switch ((enum virDomainRNGBackend) def->backend) { case VIR_DOMAIN_RNG_BACKEND_RANDOM: def->source.file = virXPathString("string(./backend)", ctxt); - if (STRNEQ(def->source.file, "/dev/random") && + if (def->source.file && + STRNEQ(def->source.file, "/dev/random") && STRNEQ(def->source.file, "/dev/hwrng")) { virReportError(VIR_ERR_XML_ERROR, _("file '%s' is not a supported random source"), diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args new file mode 100644 index 0000000..a5f04fd --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args @@ -0,0 +1,6 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu \ +-S -M pc -m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb \ +-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \ +-object rng-random,id=rng0 \ +-device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x4 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml new file mode 100644 index 0000000..0852dea --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml @@ -0,0 +1,23 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <controller type='usb' index='0'/> + <memballoon model='virtio'/> + <rng model='virtio'> + <backend model='random'/> + </rng> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index b6b5489..2354733 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -882,6 +882,8 @@ mymain(void) QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIDEO_PRIMARY, QEMU_CAPS_DEVICE_QXL, QEMU_CAPS_DEVICE_QXL_VGA); + DO_TEST("virtio-rng-default", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG, + QEMU_CAPS_OBJECT_RNG_RANDOM); DO_TEST("virtio-rng-random", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_RANDOM); DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG, -- 1.7.11.7