[libvirt] [PATCH] interface: udev backend coverity NULL deref

This fixes a potential NULL deref identified by John Ferlan <jferlan@redhat.com> if scandir() didn't return an expected value. --- src/interface/interface_backend_udev.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c index dca85b3..1034429 100644 --- a/src/interface/interface_backend_udev.c +++ b/src/interface/interface_backend_udev.c @@ -779,6 +779,13 @@ udevIfaceGetIfaceDefBond(struct udev *udev, * so we use the part after the _ */ tmp_str = strchr(slave_list[i]->d_name, '_'); + if (!tmp_str || strlen(tmp_str) < 2) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Invalid enslaved interface name '%s' seen for " + "bond '%s'", slave_list[i]->d_name, name)); + goto cleanup; + } + /* go past the _ */ tmp_str++; ifacedef->data.bond.itf[i] = -- 1.7.12.4
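Review bot: in the added virReportError() call, the closing parenthesis of the _() translation macro comes after `name` instead of after the format string, so `slave_list[i]->d_name` and `name` are handed to _() rather than to virReportError() as the values for the two '%s' conversions. Close the macro directly after the string literal, i.e. `"bond '%s'"), slave_list[i]->d_name, name);`. A smaller point on the condition: `strlen(tmp_str) < 2` only needs to know whether anything follows the underscore, so `tmp_str[1] == '\0'` would say the same thing without walking the whole string. The commit message could also mention that the value being checked is the strchr() result on the d_name returned by scandir(), since that is the pointer the new test guards.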

On 02/26/2013 01:28 AM, Doug Goldstein wrote:
This fixes a potential NULL deref identified by John Ferlan <jferlan@redhat.com> if scandir() didn't return an expected value. --- src/interface/interface_backend_udev.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c index dca85b3..1034429 100644 --- a/src/interface/interface_backend_udev.c +++ b/src/interface/interface_backend_udev.c @@ -779,6 +779,13 @@ udevIfaceGetIfaceDefBond(struct udev *udev, * so we use the part after the _ */ tmp_str = strchr(slave_list[i]->d_name, '_'); + if (!tmp_str || strlen(tmp_str) < 2) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Invalid enslaved interface name '%s' seen for " + "bond '%s'", slave_list[i]->d_name, name)); + goto cleanup; + } + /* go past the _ */ tmp_str++;
ifacedef->data.bond.itf[i] =
ACK

On Tue, Feb 26, 2013 at 6:10 AM, Laine Stump <laine@laine.org> wrote:
On 02/26/2013 01:28 AM, Doug Goldstein wrote:
This fixes a potential NULL deref identified by John Ferlan <jferlan@redhat.com> if scandir() didn't return an expected value. --- src/interface/interface_backend_udev.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c index dca85b3..1034429 100644 --- a/src/interface/interface_backend_udev.c +++ b/src/interface/interface_backend_udev.c @@ -779,6 +779,13 @@ udevIfaceGetIfaceDefBond(struct udev *udev, * so we use the part after the _ */ tmp_str = strchr(slave_list[i]->d_name, '_'); + if (!tmp_str || strlen(tmp_str) < 2) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Invalid enslaved interface name '%s' seen for " + "bond '%s'", slave_list[i]->d_name, name)); + goto cleanup; + } + /* go past the _ */ tmp_str++;
ifacedef->data.bond.itf[i] =
ACK
Pushed for 1.0.3. Thanks.

--
Doug Goldstein