I noticed a bunch of unchecked strdup's in a row, and audited the rest of the file: Handle failed strdup and malloc. * src/remote_internal.c: Don't dereference NULL after failed strdup or malloc in doRemoteOpen. --- src/remote_internal.c | 22 ++++++++++++++++++++++ 1 files changed, 22 insertions(+), 0 deletions(-) diff --git a/src/remote_internal.c b/src/remote_internal.c index 1420a88..bd8b5a7 100644 --- a/src/remote_internal.c +++ b/src/remote_internal.c @@ -522,6 +522,10 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv, const char *uri_str sockname = strdup (LIBVIRTD_PRIV_UNIX_SOCKET_RO); else sockname = strdup (LIBVIRTD_PRIV_UNIX_SOCKET); + if (sockname == NULL) { + error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno)); + goto failed; + } } } @@ -576,10 +580,19 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv, const char *uri_str if (no_tty) nr_args += 5; /* For -T -o BatchMode=yes -e none */ command = command ? : strdup ("ssh"); + if (command == NULL) { + error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno)); + goto failed; + } // Generate the final command argv[] array. // ssh -p $port [-l $username] $hostname $netcat -U $sockname [NULL] cmd_argv = malloc (nr_args * sizeof (char *)); + if (cmd_argv == NULL) { + error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno)); + goto failed; + } + j = 0; cmd_argv[j++] = strdup (command); cmd_argv[j++] = strdup ("-p"); @@ -601,6 +614,11 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv, const char *uri_str cmd_argv[j++] = strdup (sockname ? sockname : LIBVIRTD_PRIV_UNIX_SOCKET); cmd_argv[j++] = 0; assert (j == nr_args); + for (j = 0; j < nr_args; j++) + if (cmd_argv[j] == NULL) { + error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (ENOMEM)); + goto failed; + } } /*FALLTHROUGH*/ @@ -633,6 +651,10 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv, const char *uri_str // Run the external process. if (!cmd_argv) { cmd_argv = malloc (2 * sizeof (char *)); + if (cmd_argv == NULL) { + error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno)); + goto failed; + } cmd_argv[0] = command; cmd_argv[1] = 0; } -- 1.5.3.5.666.gfb5f -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list