[libvirt] [PATCH] Fix libvirtd crash in qemuDomainGetTLSObjects
Passing a NULL value for the argument secAlias to the function qemuDomainGetTLSObjects causes a segmentation fault. Thread 3 "libvirtd" received signal SIGSEGV, Segmentation fault. 0x00007f97c9c42a3d in qemuDomainGetTLSObjects (...,secAlias=0x0) at qemu/qemu_hotplug.c:1736 Changed code to not dereference a NULL secAlias. Signed-off-by: Ashish Mittal <ashmit602@gmail.com> --- src/qemu/qemu_hotplug.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 7dd6e5f..df58ecc 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1643,7 +1643,8 @@ qemuDomainGetTLSObjects(virQEMUCapsPtr qemuCaps, } if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify, - *secAlias, qemuCaps, tlsProps) < 0) + **secAlias ? *secAlias : NULL, qemuCaps, + tlsProps) < 0) return -1; if (!(*tlsAlias = qemuAliasTLSObjFromSrcAlias(srcAlias))) -- 2.5.5
On Tue, Sep 19, 2017 at 09:58:34PM -0700, Ashish Mittal wrote:
Passing a NULL value for the argument secAlias to the function qemuDomainGetTLSObjects causes a segmentation fault.
Thread 3 "libvirtd" received signal SIGSEGV, Segmentation fault. 0x00007f97c9c42a3d in qemuDomainGetTLSObjects (...,secAlias=0x0) at qemu/qemu_hotplug.c:1736
Can you provide the whole backtrace? Because from what I see in the code, qemuDomainGetTLSObjects is called from qemu_hotplug.c and qemu_migration.c, but none of the code paths would result in qemuDomainGetTLSObjects to get secAlias == NULL, solely because all the callers (direct or indirect) of this method call it as &secAlias. Therefore, I think the case you're trying to fix cannot happen in the current state - the fix is also wrong, see below.
if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify, - *secAlias, qemuCaps, tlsProps) < 0) + **secAlias ? *secAlias : NULL, qemuCaps,
So, hypothetically, if secAlias == NULL and *secAlias results in a SEGFAULT, what is the result of doing **secAlias? Correct, a SEGFAULT. Erik
On Wed, Sep 20, 2017 at 09:03:18AM +0200, Erik Skultety wrote:
On Tue, Sep 19, 2017 at 09:58:34PM -0700, Ashish Mittal wrote:
Passing a NULL value for the argument secAlias to the function qemuDomainGetTLSObjects causes a segmentation fault.
Thread 3 "libvirtd" received signal SIGSEGV, Segmentation fault. 0x00007f97c9c42a3d in qemuDomainGetTLSObjects (...,secAlias=0x0) at qemu/qemu_hotplug.c:1736
Can you provide the whole backtrace? Because from what I see in the code, qemuDomainGetTLSObjects is called from qemu_hotplug.c and qemu_migration.c, but none of the code paths would result in qemuDomainGetTLSObjects to get secAlias == NULL, solely because all the callers (direct or indirect) of this method call
Oh, I see, this is supposed to be a follow-up patch to https://www.redhat.com/archives/libvir-list/2017-September/msg00645.html. You can disregard my comment above then, the fix still needs to be adjusted though as pointed out in my previous response. Erik
it as &secAlias. Therefore, I think the case you're trying to fix cannot happen in the current state - the fix is also wrong, see below.
if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify, - *secAlias, qemuCaps, tlsProps) < 0) + **secAlias ? *secAlias : NULL, qemuCaps,
So, hypothetically, if secAlias == NULL and *secAlias results in a SEGFAULT, what is the result of doing **secAlias? Correct, a SEGFAULT.
Erik
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, Sep 20, 2017 at 12:52 AM, Erik Skultety <eskultet@redhat.com> wrote:
On Wed, Sep 20, 2017 at 09:03:18AM +0200, Erik Skultety wrote:
On Tue, Sep 19, 2017 at 09:58:34PM -0700, Ashish Mittal wrote:
Passing a NULL value for the argument secAlias to the function qemuDomainGetTLSObjects causes a segmentation fault.
Thread 3 "libvirtd" received signal SIGSEGV, Segmentation fault. 0x00007f97c9c42a3d in qemuDomainGetTLSObjects (...,secAlias=0x0) at qemu/qemu_hotplug.c:1736
Can you provide the whole backtrace? Because from what I see in the code, qemuDomainGetTLSObjects is called from qemu_hotplug.c and qemu_migration.c, but none of the code paths would result in qemuDomainGetTLSObjects to get secAlias == NULL, solely because all the callers (direct or indirect) of this method call
Oh, I see, this is supposed to be a follow-up patch to https://www.redhat.com/archives/libvir-list/2017-September/msg00645.html. You can disregard my comment above then, the fix still needs to be adjusted though as pointed out in my previous response.
Erik
Thanks for pointing out my blunder! I just realized that I had not restarted libvirtd service after running "make install" when I tested my change. The changes appeared to work because I had the original fix described in https://www.redhat.com/archives/libvir-list/2017-September/msg00638.html still in libvirtd. I will repost after fixing and testing again. Ashish
happen in the current state - the fix is also wrong, see below.
if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen,
tlsVerify,
- *secAlias, qemuCaps, tlsProps) <
it as &secAlias. Therefore, I think the case you're trying to fix cannot 0)
+ **secAlias ? *secAlias : NULL, qemuCaps,
So, hypothetically, if secAlias == NULL and *secAlias results in a SEGFAULT, what is the result of doing **secAlias? Correct, a SEGFAULT.
Erik
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
participants (3)
-
Ashish Mittal -
ashish mittal
-
Erik Skultety