On 07/10/2014 04:04 PM, Michal Privoznik wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1066894 > > With current code it's possible to have for instance: > > virsh dumpxml mydomain | grep seclabel > <seclabel type='dynamic' model='selinux' relabel='yes'/> > <seclabel type='dynamic' model='selinux' relabel='yes'/> > <seclabel type='dynamic' model='selinux' relabel='yes'/> > <seclabel type='dynamic' model='selinux' relabel='yes'/> > <seclabel type='dynamic' model='selinux' relabel='yes'/> > > what doesn't make any sense. We should reject the XML in the config s/what/which/ > parsing phase. > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > --- > src/conf/domain_conf.c | 18 ++++++++-- > .../qemuxml2argv-seclabel-multiple.xml | 40 ++++++++++++++++++++++ > tests/qemuxml2argvtest.c | 1 + > 3 files changed, 56 insertions(+), 3 deletions(-) > create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-multiple.xml > > @@ -4689,10 +4689,22 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def, > > /* Parse each "seclabel" tag */ > for (i = 0; i < n; i++) { > + virSecurityLabelDefPtr seclabel; > + > ctxt->node = list[i]; > - def->seclabels[i] = virSecurityLabelDefParseXML(ctxt, flags); > - if (def->seclabels[i] == NULL) > + if (!(seclabel = virSecurityLabelDefParseXML(ctxt, flags))) > goto error; > + > + for (j = 0; j < i; j++) { > + if (STREQ_NULLABLE(seclabel->model, def->seclabels[j]->model)) { > + virReportError(VIR_ERR_XML_DETAIL, > + _("seclablel for model %s is already provided"), > + seclabel->model); virSecurityLabelDefFree(seclabel); > + goto error; > + } > + } > + > + def->seclabels[i] = seclabel; > } > def->nseclabels = n; > ctxt->node = saved_node; ACK with the leak fixed. Jan
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list