[libvirt] [PATCH] nwfilter: don't crash listing filters in unprivileged daemon
The unprivileged libvirtd does not support nwfilter config, by leaves the driver active. It is supposed to result in all APIs being an effective no-op, but several APIs rely on driver->nwfilters being non-NULL, or they will reference a NULL pointer. Rather than adding checks for NULL in many places, just make sure driver->nwfilters is always initialized. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/nwfilter/nwfilter_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 2f9a51c405..89b767fe11 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -189,6 +189,8 @@ nwfilterStateInitialize(bool privileged, /* remember that we are going to use firewalld */ driver->watchingFirewallD = (sysbus != NULL); driver->privileged = privileged; + if (!(driver->nwfilters = virNWFilterObjListNew())) + goto error; if (!privileged) return 0; @@ -244,9 +246,6 @@ nwfilterStateInitialize(bool privileged, goto error; } - if (!(driver->nwfilters = virNWFilterObjListNew())) - goto error; - if (virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir) < 0) goto error; @@ -271,6 +270,7 @@ nwfilterStateInitialize(bool privileged, virNWFilterIPAddrMapShutdown(); err_free_driverstate: + virNWFilterObjListFree(driver->nwfilters); VIR_FREE(driver); return -1; -- 2.14.3
On 12/05/2017 11:41 AM, Daniel P. Berrange wrote:
The unprivileged libvirtd does not support nwfilter config, by leaves the driver active. It is supposed to result in all APIs being an effective no-op, but several APIs rely on driver->nwfilters being non-NULL, or they will reference a NULL pointer. Rather than adding checks for NULL in many places, just make sure driver->nwfilters is always initialized.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/nwfilter/nwfilter_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
I think nwfilterStateCleanup will also need a slight, but obvious adjustment... Reviewed-by: John Ferlan <jferlan@redhat.com> John (and since it's in 3.9, I need a bz to handle a backport <sigh>)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 2f9a51c405..89b767fe11 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -189,6 +189,8 @@ nwfilterStateInitialize(bool privileged, /* remember that we are going to use firewalld */ driver->watchingFirewallD = (sysbus != NULL); driver->privileged = privileged; + if (!(driver->nwfilters = virNWFilterObjListNew())) + goto error;
if (!privileged) return 0; @@ -244,9 +246,6 @@ nwfilterStateInitialize(bool privileged, goto error; }
- if (!(driver->nwfilters = virNWFilterObjListNew())) - goto error; - if (virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir) < 0) goto error;
@@ -271,6 +270,7 @@ nwfilterStateInitialize(bool privileged, virNWFilterIPAddrMapShutdown();
err_free_driverstate: + virNWFilterObjListFree(driver->nwfilters); VIR_FREE(driver);
return -1;
On Tue, Dec 05, 2017 at 16:48:36 -0500, John Ferlan wrote:
On 12/05/2017 11:41 AM, Daniel P. Berrange wrote:
The unprivileged libvirtd does not support nwfilter config, by leaves the driver active. It is supposed to result in all APIs being an effective no-op, but several APIs rely on driver->nwfilters being non-NULL, or they will reference a NULL pointer. Rather than adding checks for NULL in many places, just make sure driver->nwfilters is always initialized.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/nwfilter/nwfilter_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
I think nwfilterStateCleanup will also need a slight, but obvious adjustment...
Reviewed-by: John Ferlan <jferlan@redhat.com>
John
(and since it's in 3.9, I need a bz to handle a backport <sigh>)
You don't need BZs for backporting it to maintenance branches.
participants (3)
-
Daniel P. Berrange -
John Ferlan -
Peter Krempa