[libvirt] [PATCH v2] polkit_driver: fix possible segfault

The changes in commit c7542573 introduced possible segfault. Looking deeper into the code and the original code before the patch series were applied I think that we should report error for each function failure and also we shouldn't call some of the function twice. Found by coverity. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/access/viraccessdriverpolkit.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 2bc1842..3136be7 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -87,24 +87,22 @@ virAccessDriverPolkitGetCaller(const char *actionid, actionid); return -1; } - if (virIdentityGetUNIXProcessID(identity, pid) < 0) - goto cleanup; - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) - goto cleanup; - if (virIdentityGetUNIXUserID(identity, uid) < 0) - goto cleanup; - if (!pid) { + if (virIdentityGetUNIXProcessID(identity, pid) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", _("No UNIX process ID available")); goto cleanup; } - - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) + if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process start time available")); goto cleanup; - - if (virIdentityGetUNIXUserID(identity, uid) < 0) + } + if (virIdentityGetUNIXUserID(identity, uid) < 0) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX caller UID available")); goto cleanup; + } ret = 0; -- 1.8.5.5
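Review bot: With `if (!pid)` removed, the `< 0` return of each getter in virAccessDriverPolkitGetCaller is the only thing that keeps an unset pid, startTime or uid from reaching `ret = 0`. It is worth confirming that virIdentityGetUNIXProcessID, virIdentityGetUNIXProcessTime and virIdentityGetUNIXUserID return a negative value when the attribute is absent from the identity, rather than 0 with the output left untouched. These three values are what the function hands back as the caller, so a silent success there would pass an unpopulated caller identity onward. Two smaller points: if the getters already report their own error, the new virAccessError calls replace it with the generic "No UNIX ... available" text and hide the real cause; and the commit message says "possible segfault" without naming the dereference Coverity flagged, which would help anyone backporting the fix.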

On Thu, Sep 25, 2014 at 12:42:09PM +0200, Pavel Hrdina wrote:
The changes in commit c7542573 introduced possible segfault. Looking deeper into the code and the original code before the patch series were applied I think that we should report error for each function failure and also we shouldn't call some of the function twice.
Found by coverity.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/access/viraccessdriverpolkit.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 2bc1842..3136be7 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -87,24 +87,22 @@ virAccessDriverPolkitGetCaller(const char *actionid, actionid); return -1; } - if (virIdentityGetUNIXProcessID(identity, pid) < 0) - goto cleanup; - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) - goto cleanup; - if (virIdentityGetUNIXUserID(identity, uid) < 0) - goto cleanup;
- if (!pid) { + if (virIdentityGetUNIXProcessID(identity, pid) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", _("No UNIX process ID available")); goto cleanup; } - - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) + if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process start time available")); goto cleanup; - - if (virIdentityGetUNIXUserID(identity, uid) < 0) + } + if (virIdentityGetUNIXUserID(identity, uid) < 0) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX caller UID available")); goto cleanup; + }
ACK, that duplication comes from a merge rebase error.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On 09/25/2014 12:48 PM, Daniel P. Berrange wrote:
On Thu, Sep 25, 2014 at 12:42:09PM +0200, Pavel Hrdina wrote:
The changes in commit c7542573 introduced possible segfault. Looking deeper into the code and the original code before the patch series were applied I think that we should report error for each function failure and also we shouldn't call some of the function twice.
Found by coverity.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/access/viraccessdriverpolkit.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 2bc1842..3136be7 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -87,24 +87,22 @@ virAccessDriverPolkitGetCaller(const char *actionid, actionid); return -1; } - if (virIdentityGetUNIXProcessID(identity, pid) < 0) - goto cleanup; - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) - goto cleanup; - if (virIdentityGetUNIXUserID(identity, uid) < 0) - goto cleanup;
- if (!pid) { + if (virIdentityGetUNIXProcessID(identity, pid) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", _("No UNIX process ID available")); goto cleanup; } - - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) + if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process start time available")); goto cleanup; - - if (virIdentityGetUNIXUserID(identity, uid) < 0) + } + if (virIdentityGetUNIXUserID(identity, uid) < 0) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX caller UID available")); goto cleanup; + }
ACK, that duplication comes from a merge rebase error.
Regards, Daniel
Thanks, pushed.

Pavel