[libvirt] [PATCH] polkit_driver: fix possible segfault

The changes in commit c7542573 introduced a segfault. Found by coverity. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/access/viraccessdriverpolkit.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 2bc1842..2fd4fed 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -87,6 +87,12 @@ virAccessDriverPolkitGetCaller(const char *actionid, actionid); return -1; } + if (!pid) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process ID available")); + goto cleanup; + } + if (virIdentityGetUNIXProcessID(identity, pid) < 0) goto cleanup; if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) @@ -94,12 +100,6 @@ virAccessDriverPolkitGetCaller(const char *actionid, if (virIdentityGetUNIXUserID(identity, uid) < 0) goto cleanup; - if (!pid) { - virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process ID available")); - goto cleanup; - } - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) goto cleanup; -- 1.8.5.5
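Review bot: In the first hunk (@@ -87,6 +87,12 @@), the new `if (!pid)` guard ahead of `virIdentityGetUNIXProcessID(identity, pid)` only tests whether the caller supplied a NULL destination, yet the error it raises is "No UNIX process ID available", which describes the identity's data rather than the argument. If the aim is to reject an identity that yields no PID, test the stored value after the getter returns (`if (!*pid)`), or raise this error when the getter itself fails. If a NULL-argument guard is really intended, the message should say so, and `startTime` and `uid` are passed to their getters in the same way with no equivalent guard.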
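Review bot: In the second hunk (@@ -94,12 +100,6 @@), deleting the `if (!pid)` block leaves nothing after the three getters that confirms a process ID was actually obtained, so an unset PID would now pass through silently. Consider keeping a check at this position on the value rather than the pointer. The trailing context also shows `virIdentityGetUNIXProcessTime(identity, startTime)` called again, although the same call already appears in the first hunk's context directly after the ProcessID getter; the duplicate could be dropped here or in a follow-up.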

On Thu, Sep 25, 2014 at 11:19:34 +0200, Pavel Hrdina wrote:
The changes in commit c7542573 introduced a segfault. Found by coverity.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/access/viraccessdriverpolkit.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 2bc1842..2fd4fed 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -87,6 +87,12 @@ virAccessDriverPolkitGetCaller(const char *actionid, actionid); return -1; } + if (!pid) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process ID available")); + goto cleanup; + } + if (virIdentityGetUNIXProcessID(identity, pid) < 0) goto cleanup; if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) @@ -94,12 +100,6 @@ virAccessDriverPolkitGetCaller(const char *actionid, if (virIdentityGetUNIXUserID(identity, uid) < 0) goto cleanup;
- if (!pid) {
I think Daniel rather wanted to check if (!*pid).
- virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process ID available")); - goto cleanup; - } - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) goto cleanup;
Jirka

On Thu, Sep 25, 2014 at 11:33:34AM +0200, Jiri Denemark wrote:
On Thu, Sep 25, 2014 at 11:19:34 +0200, Pavel Hrdina wrote:
The changes in commit c7542573 introduced a segfault. Found by coverity.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/access/viraccessdriverpolkit.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 2bc1842..2fd4fed 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -87,6 +87,12 @@ virAccessDriverPolkitGetCaller(const char *actionid, actionid); return -1; } + if (!pid) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process ID available")); + goto cleanup; + } + if (virIdentityGetUNIXProcessID(identity, pid) < 0) goto cleanup; if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) @@ -94,12 +100,6 @@ virAccessDriverPolkitGetCaller(const char *actionid, if (virIdentityGetUNIXUserID(identity, uid) < 0) goto cleanup;
- if (!pid) {
I think Daniel rather wanted to check if (!*pid).
Yes, that's what the original code was doing.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On 09/25/2014 11:39 AM, Daniel P. Berrange wrote:
On Thu, Sep 25, 2014 at 11:33:34AM +0200, Jiri Denemark wrote:
On Thu, Sep 25, 2014 at 11:19:34 +0200, Pavel Hrdina wrote:
The changes in commit c7542573 introduced a segfault. Found by coverity.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/access/viraccessdriverpolkit.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 2bc1842..2fd4fed 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -87,6 +87,12 @@ virAccessDriverPolkitGetCaller(const char *actionid, actionid); return -1; } + if (!pid) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process ID available")); + goto cleanup; + } + if (virIdentityGetUNIXProcessID(identity, pid) < 0) goto cleanup; if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) @@ -94,12 +100,6 @@ virAccessDriverPolkitGetCaller(const char *actionid, if (virIdentityGetUNIXUserID(identity, uid) < 0) goto cleanup;
- if (!pid) {
I think Daniel rather wanted to check if (!*pid).
Yes, that's what the original code was doing.
So the correct fix is to report that error if function "virIdentityGetUNIXProcessID" fails. I'll post v2.

Pavel
Regards, Daniel
participants (3): Daniel P. Berrange, Jiri Denemark, Pavel Hrdina