[libvirt] [PATCH] Fix double-free and broken logic in virt-login-shell

From: "Daniel P. Berrange" <berrange@redhat.com> The virLoginShellAllowedUser method must not free the 'groups' parameter it is given, as that is owned by the caller. The virLoginShellAllowedUser method should be checking '!*ptr' (ie empty string) rather than '!ptr' (NULL string) since the latter cannot be true. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- tools/virt-login-shell.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c index b8f1a28..b27e44f 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell.c @@ -85,7 +85,7 @@ static int virLoginShellAllowedUser(virConfPtr conf, */ if (pp->str[0] == '%') { ptr = &pp->str[1]; - if (!ptr) + if (!*ptr) continue; for (i = 0; groups[i]; i++) { if (!(gname = virGetGroupName(groups[i]))) @@ -96,7 +96,6 @@ static int virLoginShellAllowedUser(virConfPtr conf, } VIR_FREE(gname); } - VIR_FREE(groups); continue; } if (fnmatch(pp->str, name, 0) == 0) { @@ -109,7 +108,6 @@ static int virLoginShellAllowedUser(virConfPtr conf, virReportSystemError(EPERM, _("%s not listed as an allowed_users in %s"), name, conf_file); cleanup: VIR_FREE(gname); - VIR_FREE(groups); return ret; } -- 1.8.3.1
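Review bot: in the hunk at -85,7, the context line `for (i = 0; groups[i]; i++)` treats a zero element as the end of the list, but the elements are gids handed to `virGetGroupName(groups[i])`, and 0 is a valid gid. A caller whose group list contains gid 0 would have every later group skipped, and a list without a zero element would be read past its end. Consider passing an explicit count alongside `groups` and looping on that. Separately, the new `if (!*ptr) continue;` silently ignores an `allowed_users` entry that is only `%`; a warning before the `continue` would make that configuration mistake visible.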
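Review bot: in the hunk at -96,7, removing `VIR_FREE(groups)` from the `%` branch is right, but nothing visible in the function records that `groups` is borrowed from the caller, which is how the free got in. A sentence in the function's comment stating that the caller owns and frees the array would keep it from being reintroduced.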
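Review bot: in the hunk at -109,7, `cleanup:` now frees only `gname`, so freeing `groups` falls entirely to the caller, and the caller is not part of this diff. It is worth confirming that the caller frees the array on its error paths as well as on success, so that the double free is not traded for a leak.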

On 08/09/2013 07:01 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@redhat.com>
>
> The virLoginShellAllowedUser method must not free the 'groups' parameter it is given, as that is owned by the caller.
>
> The virLoginShellAllowedUser method should be checking '!*ptr' (ie empty string) rather than '!ptr' (NULL string) since the latter cannot be true.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  tools/virt-login-shell.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)

ACK

John

On 08/09/2013 05:01 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@redhat.com>
>
> The virLoginShellAllowedUser method must not free the 'groups' parameter it is given, as that is owned by the caller.
>
> The virLoginShellAllowedUser method should be checking '!*ptr' (ie empty string) rather than '!ptr' (NULL string) since the latter cannot be true.

This only fixes the blatant errors that I called out, but there are still more (cosmetic) fixes needed:

https://www.redhat.com/archives/libvir-list/2013-August/msg00398.html

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

On Fri, Aug 09, 2013 at 06:27:36AM -0600, Eric Blake wrote:
> On 08/09/2013 05:01 AM, Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" <berrange@redhat.com>
> >
> > The virLoginShellAllowedUser method must not free the 'groups' parameter it is given, as that is owned by the caller.
> >
> > The virLoginShellAllowedUser method should be checking '!*ptr' (ie empty string) rather than '!ptr' (NULL string) since the latter cannot be true.
>
> This only fixes the blatant errors that I called out, but there are still more (cosmetic) fixes needed:
>
> https://www.redhat.com/archives/libvir-list/2013-August/msg00398.html

Ah, I didn't see your reply - I was just responding to John's coverity report. I'll put together a patch for the other fixes too.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

participants (3)
- Daniel P. Berrange
- Eric Blake
- John Ferlan