[libvirt] [PATCH] virNetworkLoadState: Disallow mangled 'floor' element
In the network status XML we may have the <floor/> element with the 'sum' attribute. The attribute represents sum of all 'floor'-s of computed over each interface connected to the network (this is needed to guarantee certain bandwidth for certain domain). The sum is therefore a number. However, if the number was mangled (e.g. by an user's interference to network status file), we've just ignored it without refusing to parse such file. This was all due to 'goto error' missing. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/network_conf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index e59938c..dd3fa19 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -2959,6 +2959,7 @@ virNetworkLoadState(virNetworkObjListPtr nets, _("Malformed 'floor_sum' attribute: %s"), floor_sum); VIR_FREE(floor_sum); + goto error; } VIR_FREE(floor_sum); } -- 1.8.5.3
On 02/10/2014 11:30 AM, Michal Privoznik wrote:
In the network status XML we may have the <floor/> element with the 'sum' attribute. The attribute represents sum of all 'floor'-s of computed over each interface connected to the network (this is needed to guarantee certain bandwidth for certain domain). The sum is therefore a number. However, if the number was mangled (e.g. by an user's interference to network status file), we've just ignored it without refusing to parse such file. This was all due to 'goto error' missing.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/network_conf.c | 1 + 1 file changed, 1 insertion(+)
ACK.
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index e59938c..dd3fa19 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -2959,6 +2959,7 @@ virNetworkLoadState(virNetworkObjListPtr nets, _("Malformed 'floor_sum' attribute: %s"), floor_sum); VIR_FREE(floor_sum); + goto error; } VIR_FREE(floor_sum);
Thankfully, our VIR_FREE prevented a double free() :)
}
-- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
On 10.02.2014 19:52, Eric Blake wrote:
On 02/10/2014 11:30 AM, Michal Privoznik wrote:
In the network status XML we may have the <floor/> element with the 'sum' attribute. The attribute represents sum of all 'floor'-s of computed over each interface connected to the network (this is needed to guarantee certain bandwidth for certain domain). The sum is therefore a number. However, if the number was mangled (e.g. by an user's interference to network status file), we've just ignored it without refusing to parse such file. This was all due to 'goto error' missing.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/network_conf.c | 1 + 1 file changed, 1 insertion(+)
ACK.
Thanks, pushed. Cole, maybe this is worth pushing into stable branches too. Michal
participants (2)
-
Eric Blake -
Michal Privoznik