[libvirt] [PATCH] storage: Fix a NULL ptr dereference in virStorageBackendCreateQemuImg

There was a missing check for vol->target.encryption being NULL at one particular place (modified by commit a48c71411) which caused a crash when user attempted to create a raw volume using a non-raw file volume as source. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363636 Signed-off-by: Erik Skultety <eskultet@redhat.com> --- src/storage/storage_backend.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c index 1f33181..d4334dc 100644 --- a/src/storage/storage_backend.c +++ b/src/storage/storage_backend.c @@ -1459,6 +1459,7 @@ virStorageBackendCreateQemuImg(virConnectPtr conn, goto cleanup; if (vol->target.format == VIR_STORAGE_FILE_RAW && + vol->target.encryption && vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { if (!(secretPath = virStorageBackendCreateQemuImgSecretPath(conn, pool, vol))) -- 2.5.5
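Review bot: the diffstat is a single insertion in src/storage/storage_backend.c with no accompanying test, so the crash path named in the commit message (a raw volume created from a non-raw file volume, leaving vol->target.encryption NULL) has no regression coverage; consider adding a case that builds such a volume without an encryption element. The guard itself is placed correctly: `vol->target.encryption &&` comes before `vol->target.encryption->format` in the same `&&` chain, so short-circuit evaluation skips the dereference when the pointer is NULL. Because the message describes the check as missing at "one particular place" modified by commit a48c71411, it is also worth confirming that any other read of `vol->target.encryption->format` introduced by that commit is guarded the same way.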

On Wed, 2016-08-03 at 12:27 +0200, Erik Skultety wrote:
There was a missing check for vol->target.encryption being NULL at one particular place (modified by commit a48c71411) which caused a crash when user attempted to create a raw volume using a non-raw file volume as source. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363636 Signed-off-by: Erik Skultety <eskultet@redhat.com> --- src/storage/storage_backend.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c index 1f33181..d4334dc 100644 --- a/src/storage/storage_backend.c +++ b/src/storage/storage_backend.c @@ -1459,6 +1459,7 @@ virStorageBackendCreateQemuImg(virConnectPtr conn, goto cleanup; if (vol->target.format == VIR_STORAGE_FILE_RAW && + vol->target.encryption && vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { if (!(secretPath = virStorageBackendCreateQemuImgSecretPath(conn, pool, vol)))
Should we check to make sure that vol and vol->target are non-NULL as well?

ACK

--
Andrea Bolognani / Red Hat / Virtualization

On 08/04/2016 04:48 AM, Andrea Bolognani wrote:
On Wed, 2016-08-03 at 12:27 +0200, Erik Skultety wrote:
There was a missing check for vol->target.encryption being NULL at one particular place (modified by commit a48c71411) which caused a crash when user attempted to create a raw volume using a non-raw file volume as source.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363636
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- src/storage/storage_backend.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c index 1f33181..d4334dc 100644 --- a/src/storage/storage_backend.c +++ b/src/storage/storage_backend.c @@ -1459,6 +1459,7 @@ virStorageBackendCreateQemuImg(virConnectPtr conn, goto cleanup;
if (vol->target.format == VIR_STORAGE_FILE_RAW && + vol->target.encryption && vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { if (!(secretPath = virStorageBackendCreateQemuImgSecretPath(conn, pool, vol)))
Should we check to make sure that vol and vol->target are non-NULL as well?
Well by this point vol would have already been dereferenced by the callers virStorageBackendGetBuildVolFromFunction or _virStorageBackendFileSystemVolBuild...

John

On Thu, 2016-08-04 at 07:46 -0400, John Ferlan wrote:
Should we check to make sure that vol and vol->target are non-NULL as well?
Well by this point vol would have already been dereferenced by the callers virStorageBackendGetBuildVolFromFunction or _virStorageBackendFileSystemVolBuild...

Cool. I didn't check further up the call stack, I just figured I'd throw that out there :)

--
Andrea Bolognani / Red Hat / Virtualization