Re: [PATCH] polkit_driver: fix possible segfault

Pavel Hrdina <phrdina@xxxxxxxxxx> · Thu, 25 Sep 2014 11:43:17 +0200

On 09/25/2014 11:39 AM, Daniel P. Berrange wrote:
On Thu, Sep 25, 2014 at 11:33:34AM +0200, Jiri Denemark wrote:
On Thu, Sep 25, 2014 at 11:19:34 +0200, Pavel Hrdina wrote:
The changes in commit c7542573 introduced a segfault. Found by coverity.

Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
  src/access/viraccessdriverpolkit.c | 12 ++++++------
  1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
index 2bc1842..2fd4fed 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -87,6 +87,12 @@ virAccessDriverPolkitGetCaller(const char *actionid,
                         actionid);
          return -1;
      }
+    if (!pid) {
+        virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("No UNIX process ID available"));
+        goto cleanup;
+    }
+
      if (virIdentityGetUNIXProcessID(identity, pid) < 0)
          goto cleanup;
      if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
@@ -94,12 +100,6 @@ virAccessDriverPolkitGetCaller(const char *actionid,
      if (virIdentityGetUNIXUserID(identity, uid) < 0)
          goto cleanup;

-    if (!pid) {

I think Daniel rather wanted to check if (!*pid).

Yes, that's what the original code was doing.


So the correct fix is to report that error if function
"virIdentityGetUNIXProcessID" fails. I'll post v2.

Pavel


Regards,
Daniel


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list







