2010/5/26 Stefan Berger <stefanb@linux.vnet.ibm.com>:

Getting paranoid now... Clear possibly partially parsed UUIDs. Question is whether to do this in the parsing function itself.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>

---  src/util/uuid.c |    7 ++++++-  1 file changed, 6 insertions(+), 1 deletion(-)

Index: libvirt-acl/src/util/uuid.c =================================================================== --- libvirt-acl.orig/src/util/uuid.c +++ libvirt-acl/src/util/uuid.c @@ -289,14 +289,19 @@ virSetHostUUIDStr(const char *uuid)         if (!getDMISystemUUID(dmiuuid, sizeof(dmiuuid))) {             if (!virUUIDParse(dmiuuid, host_uuid))                 return 0; +            // clear partially parsed UUID +            memset(host_uuid, 0x0, sizeof(host_uuid));         }

        if (!virUUIDIsValid(host_uuid))             return virUUIDGenerate(host_uuid);     } else {         rc = virUUIDParse(uuid, host_uuid); -        if (rc) +        if (rc) { +            // clear partially parsed UUID +            memset(host_uuid, 0x0, sizeof(host_uuid));             return rc; +        }         if (!virUUIDIsValid(host_uuid))             return EINVAL;     }

If we want to be paranoid we should do the memset in virUUIDParse itself. I just grepped for virUUIDParse and found issue: virUUIDParse is used in some places without checking the return value. Matthias