[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] Fix libvirtd crash possibility



When generating RPC protocol messages, it's strictly needed to have
continuousline of numbers or RPC messages. However in case anyone
tries backporting some functionality and will skip a number, there is
a possibility to make the daemon segfault with newer virsh (version of
the library, rpc call, etc.) even unintentionally.

The problem is that the skipped numbers will get func filled with
NULLs, but there is no check whether these are set before the daemon
tries to run them. This patch very simply enhances one check and fixes
that.

I haven't investigated into such a deepness to say if the possibility
comes as well with hacked RPC call (calling event instead of
function), but this patch gets rid of both these problems.
---
 src/rpc/virnetserverprogram.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rpc/virnetserverprogram.c b/src/rpc/virnetserverprogram.c
index d13b621..bc85df0 100644
--- a/src/rpc/virnetserverprogram.c
+++ b/src/rpc/virnetserverprogram.c
@@ -1,7 +1,7 @@
 /*
  * virnetserverprogram.c: generic network RPC server program
  *
- * Copyright (C) 2006-2011 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -379,7 +379,7 @@ virNetServerProgramDispatchCall(virNetServerProgramPtr prog,

     dispatcher = virNetServerProgramGetProc(prog, msg->header.proc);

-    if (!dispatcher) {
+    if (!dispatcher || !dispatcher->func) {
         virReportError(VIR_ERR_RPC,
                        _("unknown procedure: %d"),
                        msg->header.proc);
-- 
1.7.12


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]