[libvirt] [PATCH v2] security_selinux: Fix crash in virSecuritySELinuxRestoreFileLabel

21 Jan 2016

virSecuritySELinuxRestoreFileLabel should never be called with NULL path
add check before call this function in case of causeing libvirtd crash

https://bugzilla.redhat.com/show_bug.cgi?id=1300532
Signed-off-by: Shanzhi Yu <shyu@redhat.com>
---
 src/security/security_selinux.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 9e98635..77e55a3 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1098,7 +1098,8 @@ virSecuritySELinuxRestoreInputLabel(virSecurityManagerPtr mgr,
 
     switch ((virDomainInputType) input->type) {
     case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
-        rc = virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev);
+        if (input->source.evdev)
+            rc = virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev);
         break;
 
     case VIR_DOMAIN_INPUT_TYPE_MOUSE:
@@ -1171,7 +1172,9 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManagerPtr mgr,
     switch (tpm->type) {
     case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
         tpmdev = tpm->data.passthrough.source.data.file.path;
-        rc = virSecuritySELinuxRestoreFileLabel(mgr, tpmdev);
+
+        if (tpmdev)
+            rc = virSecuritySELinuxRestoreFileLabel(mgr, tpmdev);
 
         if ((cancel_path = virTPMCreateCancelPath(tpmdev)) != NULL) {
             if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path) < 0)
@@ -1722,7 +1725,9 @@ virSecuritySELinuxRestoreHostdevCapsLabel(virSecurityManagerPtr mgr,
             if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0)
                 return -1;
         }
-        ret = virSecuritySELinuxRestoreFileLabel(mgr, path);
+        if (path)
+            ret = virSecuritySELinuxRestoreFileLabel(mgr, path);
+
         VIR_FREE(path);
         break;
     }
@@ -1736,7 +1741,8 @@ virSecuritySELinuxRestoreHostdevCapsLabel(virSecurityManagerPtr mgr,
             if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0)
                 return -1;
         }
-        ret = virSecuritySELinuxRestoreFileLabel(mgr, path);
+        if (path)
+            ret = virSecuritySELinuxRestoreFileLabel(mgr, path);
         VIR_FREE(path);
         break;
     }
@@ -1876,13 +1882,15 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr,
     switch (dev_source->type) {
     case VIR_DOMAIN_CHR_TYPE_DEV:
     case VIR_DOMAIN_CHR_TYPE_FILE:
-        if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path) < 0)
-            goto done;
+        if (dev_source->data.file.path) {
+            if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path) < 0)
+                goto done;
+        }
         ret = 0;
         break;
 
     case VIR_DOMAIN_CHR_TYPE_UNIX:
-        if (!dev_source->data.nix.listen) {
+        if (!dev_source->data.nix.listen && dev_source->data.file.path) {
             if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path) < 0)
                 goto done;
         }
@@ -1898,7 +1906,8 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr,
                 (virSecuritySELinuxRestoreFileLabel(mgr, in) < 0)) {
                 goto done;
             }
-        } else if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path) < 0) {
+        } else if (dev_source->data.file.path &&
+                   virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path) < 0) {
             goto done;
         }
         ret = 0;
-- 
1.8.3.1

    

Shanzhi Yu

John Ferlan

tags

participants (2)