12:28 a.m.
This fixes a potential NULL deref identified by John Ferlan
<jferlan(a)redhat.com> if scandir() didn't return an expected value.
---
src/interface/interface_backend_udev.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/interface/interface_backend_udev.c
b/src/interface/interface_backend_udev.c
index dca85b3..1034429 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -779,6 +779,13 @@ udevIfaceGetIfaceDefBond(struct udev *udev,
* so we use the part after the _
*/
tmp_str = strchr(slave_list[i]->d_name, '_');
+ if (!tmp_str || strlen(tmp_str) < 2) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Invalid enslaved interface name '%s' seen for
"
+ "bond '%s'", slave_list[i]->d_name,
name));
+ goto cleanup;
+ }
+ /* go past the _ */
tmp_str++;
ifacedef->data.bond.itf[i] =
--
1.7.12.4
6:10 a.m.
On 02/26/2013 01:28 AM, Doug Goldstein wrote:
This fixes a potential NULL deref identified by John Ferlan
<jferlan(a)redhat.com> if scandir() didn't return an expected value.
---
src/interface/interface_backend_udev.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/interface/interface_backend_udev.c
b/src/interface/interface_backend_udev.c
index dca85b3..1034429 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -779,6 +779,13 @@ udevIfaceGetIfaceDefBond(struct udev *udev,
* so we use the part after the _
*/
tmp_str = strchr(slave_list[i]->d_name, '_');
+ if (!tmp_str || strlen(tmp_str) < 2) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Invalid enslaved interface name '%s' seen for
"
+ "bond '%s'", slave_list[i]->d_name,
name));
+ goto cleanup;
+ }
+ /* go past the _ */
tmp_str++;
ifacedef->data.bond.itf[i] =
ACK
1:24 p.m.
On Tue, Feb 26, 2013 at 6:10 AM, Laine Stump <laine(a)laine.org> wrote:
On 02/26/2013 01:28 AM, Doug Goldstein wrote:
> This fixes a potential NULL deref identified by John Ferlan
> <jferlan(a)redhat.com> if scandir() didn't return an expected value.
> ---
> src/interface/interface_backend_udev.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/src/interface/interface_backend_udev.c
b/src/interface/interface_backend_udev.c
> index dca85b3..1034429 100644
> --- a/src/interface/interface_backend_udev.c
> +++ b/src/interface/interface_backend_udev.c
> @@ -779,6 +779,13 @@ udevIfaceGetIfaceDefBond(struct udev *udev,
> * so we use the part after the _
> */
> tmp_str = strchr(slave_list[i]->d_name, '_');
> + if (!tmp_str || strlen(tmp_str) < 2) {
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("Invalid enslaved interface name '%s' seen
for "
> + "bond '%s'",
slave_list[i]->d_name, name));
> + goto cleanup;
> + }
> + /* go past the _ */
> tmp_str++;
>
> ifacedef->data.bond.itf[i] =
ACK
Pushed for 1.0.3. Thanks.
--
Doug Goldstein
4287
days inactive
4287
days old
2 comments
3 participants
participants (3)
-
Doug Goldstein -
Doug Goldstein -
Laine Stump