[libvirt] [PATCH] qemu: Add extra checks for secret destroy API's

Tue May 10 19:08:05 UTC 2016

On 05/10/2016 02:52 PM, John Ferlan wrote:
> Remove the possibility that a NULL hostdev->privateData or a
> disk->privateData could crash libvirtd by checking for NULL
> before dereferencing for the secinfo structure in the
> qemuDomainSecret{Disk|Hostdev}Destroy functions. The hostdevPriv
> could be NULL if qemuProcessNetworkPrepareDevices adds a new
> hostdev during virDomainNetGetActualHostdev that then gets
> inserted via virDomainHostdevInsert. The hostdevPriv was added
> by commit id '27726d8' and is currently only used by scsi hostdev.
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>   
>   Discovered by laine and debugged on private IRC channel.
>
>   src/qemu/qemu_domain.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index 93f0a01..0cddb86 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -903,7 +903,7 @@ qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
>   {
>       qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
>   
> -    if (!diskPriv->secinfo)
> +    if (!diskPriv || !diskPriv->secinfo)
>           return;
>   
>       qemuDomainSecretInfoFree(&diskPriv->secinfo);

I was thinking maybe this instead:

            if (diskPriv && diskPriv->secinfo)
                 qemuDomainSecretInfoFree(&diskPriv->secinfo);

but yours works too. Either way, ACK.

> @@ -964,7 +964,7 @@ qemuDomainSecretHostdevDestroy(virDomainHostdevDefPtr hostdev)
>       qemuDomainHostdevPrivatePtr hostdevPriv =
>           QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev);
>   
> -    if (!hostdevPriv->secinfo)
> +    if (!hostdevPriv || !hostdevPriv->secinfo)
>           return;
>   
>       qemuDomainSecretInfoFree(&hostdevPriv->secinfo);