
[Libvir] PATCH: Fix crash if client acl check fails



There were a couple of places where, if the ACL check for an incoming client
failed, it would go on and register the client's FD in the event loop
anyway. The trouble is, after the ACL check failed, the client had been forcibly
disconnected & the client struct free'd, so the daemon died in the event
loop a short time later. This patch fixes it & makes a couple of other
places more paranoid about checking too.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
diff -u -p -r1.52 qemud.c
--- qemud/qemud.c	26 Jun 2007 23:48:47 -0000	1.52
+++ qemud/qemud.c	11 Jul 2007 19:32:30 -0000
@@ -971,7 +985,6 @@ static int qemudDispatchServer(struct qe
             /* Unlikely, but ...  Next step is to check the certificate. */
             if (remoteCheckAccess (client) == -1)
                 goto cleanup;
-
             if (qemudRegisterClientEvent(server, client, 0) < 0)
                 goto cleanup;
         } else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
@@ -1054,7 +1067,7 @@ static int qemudClientRead(struct qemud_
         client->direction = gnutls_record_get_direction (client->session);
         if (qemudRegisterClientEvent (server, client, 1) < 0)
             qemudDispatchClientFailure (server, client);
-        if (ret <= 0) {
+        else if (ret <= 0) {
             if (ret == 0 || (ret != GNUTLS_E_AGAIN &&
                              ret != GNUTLS_E_INTERRUPTED)) {
                 if (ret != 0)
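Review bot: The register-failure branch in qemudClientRead calls `qemudDispatchClientFailure (server, client)` but no return is visible after it, so when `ret` is positive the function may still report success to its caller after the client has been torn down. The commit description says the failure path leaves the client struct freed, so a caller that trusts the return value could go on to touch freed memory; the tail of the function is outside the hunk, so this needs checking there. Making the branch explicit would close the gap: `if (qemudRegisterClientEvent (server, client, 1) < 0) { qemudDispatchClientFailure (server, client); return -1; }`. The same shape appears in the qemudClientWrite hunk further down.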
@@ -1166,7 +1179,7 @@ static void qemudDispatchClientRead(stru
             /* Finished.  Next step is to check the certificate. */
             if (remoteCheckAccess (client) == -1)
                 qemudDispatchClientFailure (server, client);
-            if (qemudRegisterClientEvent (server, client, 1) < 0)
+            else if (qemudRegisterClientEvent (server, client, 1) < 0)
                 qemudDispatchClientFailure (server, client);
         } else if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
             qemudLog (QEMUD_ERR, "TLS handshake failed: %s",
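Review bot: The access-check failure path in qemudDispatchClientRead now depends on the `else` to keep a rejected client out of the event loop, but nothing in the code says why that ordering matters. A comment above the `remoteCheckAccess` test, such as `/* On failure the client is disconnected and freed; it must not be registered or touched afterwards. */`, would stop a later edit from reintroducing the crash. The same comment fits the matching block in qemudDispatchClientWrite. Whether any code after this if/else chain still dereferences `client` cannot be seen from the hunk.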
@@ -1209,7 +1222,7 @@ static int qemudClientWrite(struct qemud
         client->direction = gnutls_record_get_direction (client->session);
         if (qemudRegisterClientEvent (server, client, 1) < 0)
             qemudDispatchClientFailure (server, client);
-        if (ret < 0) {
+        else if (ret < 0) {
             if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN) {
                 qemudLog (QEMUD_ERR, "gnutls_record_send: %s",
                           gnutls_strerror (ret));
@@ -1253,8 +1266,7 @@ static void qemudDispatchClientWrite(str
             /* Finished.  Next step is to check the certificate. */
             if (remoteCheckAccess (client) == -1)
                 qemudDispatchClientFailure (server, client);
-
-            if (qemudRegisterClientEvent (server, client, 1))
+            else if (qemudRegisterClientEvent (server, client, 1))
                 qemudDispatchClientFailure (server, client);
         } else if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
             qemudLog (QEMUD_ERR, "TLS handshake failed: %s",
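Review bot: The new `else if (qemudRegisterClientEvent (server, client, 1))` in qemudDispatchClientWrite treats any non-zero result as failure, while the other call sites in this patch test `< 0`. If the function only ever returns 0 or a negative value the two forms are equivalent, but the mixed convention invites a mistake should it ever return a positive value. Writing it as `else if (qemudRegisterClientEvent (server, client, 1) < 0)` would match the rest of the file.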
