There's a problem in mount_root(): the return value of fopen() is not checked rather than used directly. Not only this interferes with pattern laid out by other areas of the code, but it's possibly dangerous too. If opening the config file fails, @fp may be dereferenced directly.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 libvirt-sandbox/libvirt-sandbox-init-qemu.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
index 054dd67..864db42 100644
--- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c
+++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
@@ -217,6 +217,8 @@ mount_entry(const char *source,
 }
 }
 
+#define MOUNTS_CONFIG_FILE SANDBOXCONFIGDIR "/mounts.cfg"
+
 static void
 mount_root(const char *path)
 {
@@ -226,7 +228,14 @@ mount_root(const char *path)
 mount_mkdir(SANDBOXCONFIGDIR, 0755);
 mount_9pfs("sandbox:config", SANDBOXCONFIGDIR, 0755, 1);
 
- FILE *fp = fopen(SANDBOXCONFIGDIR "/mounts.cfg", "r");
+ FILE *fp = fopen(MOUNTS_CONFIG_FILE, "r");
+
+ if (!fp) {
+ fprintf(stderr, "libvirt-sandbox-init-qemu: %s: can't open %s: %s",
+ __func__, MOUNTS_CONFIG_FILE, strerror(errno));
+ exit_poweroff();
+ }
+
 while (fgets(line, sizeof line, fp) && !foundRoot) {
 char *source = line;
 char *target = strchr(source, '\t');
-- 
2.4.9

-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
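Review bot: The message printed in the new `if (!fp)` branch of mount_root() has no trailing newline, so it will run into whatever is written to stderr next; the format string should end in `\n`, i.e. `"libvirt-sandbox-init-qemu: %s: can't open %s: %s\n"`. The guard also only keeps the NULL `fp` away from `fgets()` if `exit_poweroff()` never returns; its definition is not in this hunk, so confirm it is noreturn or follow the call with `return;`. mount_root's body starts and ends outside the hunk.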