[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Avoid crash in security driver if model is NULL



On 01/18/2011 11:04 AM, Daniel P. Berrange wrote:
> If the XML security model is NULL, it is assumed that the current
> model will be used with dynamic labelling. The verify step is
> meaningless and potentially crashes if dereferencing NULL
> 
> * src/security/security_manager.c: Skip NULL model on verify
> ---
>  src/security/security_manager.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 66cffb5..1bc0ebb 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -309,6 +309,13 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
>  int virSecurityManagerVerify(virSecurityManagerPtr mgr,
>                               virDomainDefPtr def)
>  {
> +    /* NULL model == dynamic labelling, with whatever drive

s/drive/driver/

/me repeats to myself: I promise to overlook US vs. UK spelling
differences such as labeling, when the difference only occurs in a
comment and not in the API or a translated string

> +     * is active, so we can short circuit verify check to
> +     * avoid drivers dereferencing NULLs by accident
> +     */

ACK.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]