12:25 p.m.
The first statement in this function tests for freeFunc == NULL,
and if that's true, it does "goto failure" where it
proceeds to call through that NULL function pointer:
if (list == NULL || *list != NULL ||
castFromAnyTypeFunc == NULL || freeFunc == NULL) {
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR, "Invalid argument");
return -1;
}
...
failure:
freeFunc(&item);
freeFunc(list);
From 97c5e9c87eb99d881ee84c4f09bb943f3410d3b1 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 15 Dec 2009 19:22:31 +0100
Subject: [PATCH] esx_vi.c: avoid NULL deref for invalid inputs
* src/esx/esx_vi.c (esxVI_List_CastFromAnyType): For invalid
inputs, fail right away. Do not "goto failure" where a NULL
input pointer would be dereferenced.
---
src/esx/esx_vi.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c
index 5725b2f..1138e8c 100644
--- a/src/esx/esx_vi.c
+++ b/src/esx/esx_vi.c
@@ -935,7 +935,7 @@ esxVI_List_CastFromAnyType(virConnectPtr conn, esxVI_AnyType
*anyType,
if (list == NULL || *list != NULL ||
castFromAnyTypeFunc == NULL || freeFunc == NULL) {
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR, "Invalid argument");
- goto failure;
+ return -1;
}
if (anyType == NULL) {
@@ -946,7 +946,7 @@ esxVI_List_CastFromAnyType(virConnectPtr conn, esxVI_AnyType
*anyType,
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR,
"Expecting type to begin with 'ArrayOf' but found
'%s'",
anyType->other);
- goto failure;
+ return -1;
}
for (childNode = anyType->_node->xmlChildrenNode; childNode != NULL;
--
1.6.6.rc2.275.g51e2d
1 p.m.
2009/12/15 Jim Meyering <jim(a)meyering.net>:
The first statement in this function tests for freeFunc == NULL,
and if that's true, it does "goto failure" where it
proceeds to call through that NULL function pointer:
if (list == NULL || *list != NULL ||
castFromAnyTypeFunc == NULL || freeFunc == NULL) {
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR, "Invalid argument");
return -1;
}
...
failure:
freeFunc(&item);
freeFunc(list);
>From 97c5e9c87eb99d881ee84c4f09bb943f3410d3b1 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 15 Dec 2009 19:22:31 +0100
Subject: [PATCH] esx_vi.c: avoid NULL deref for invalid inputs
* src/esx/esx_vi.c (esxVI_List_CastFromAnyType): For invalid
inputs, fail right away. Do not "goto failure" where a NULL
input pointer would be dereferenced.
---
src/esx/esx_vi.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c
index 5725b2f..1138e8c 100644
--- a/src/esx/esx_vi.c
+++ b/src/esx/esx_vi.c
@@ -935,7 +935,7 @@ esxVI_List_CastFromAnyType(virConnectPtr conn, esxVI_AnyType
*anyType,
if (list == NULL || *list != NULL ||
castFromAnyTypeFunc == NULL || freeFunc == NULL) {
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR, "Invalid argument");
- goto failure;
+ return -1;
}
Okay, this fixes the NULL-deref.
if (anyType == NULL) {
@@ -946,7 +946,7 @@ esxVI_List_CastFromAnyType(virConnectPtr conn, esxVI_AnyType
*anyType,
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR,
"Expecting type to begin with 'ArrayOf' but found
'%s'",
anyType->other);
- goto failure;
+ return -1;
This change isn't necessary to fix the NULL-deref bug, but it's okay
because there it nothing to cleanup at this point.
}
for (childNode = anyType->_node->xmlChildrenNode; childNode != NULL;
--
1.6.6.rc2.275.g51e2d
ACK.
Matthias
5456
days inactive
5456
days old
1 comments
2 participants
participants (2)
-
Jim Meyering -
Matthias Bolte