[PATCH 08/12] virSecurityLabelDefParseXML: Don't use 'virXPathStringLimit'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



virXPathStringLimit doesn't give callers a way to differentiate between
the queried XPath being empty and the length limit being exceeded.

This means that callers are either overwriting the error message or
ignoring it altogether.

Move the length checks into the caller.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/conf/domain_conf.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index ee44bbbd4b..bd9da0744d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7871,9 +7871,9 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
     if (seclabel->type == VIR_DOMAIN_SECLABEL_STATIC ||
         (!(flags & VIR_DOMAIN_DEF_PARSE_INACTIVE) &&
          seclabel->type != VIR_DOMAIN_SECLABEL_NONE)) {
-        seclabel->label = virXPathStringLimit("string(./label[1])",
-                                              VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
-        if (!seclabel->label) {
+        seclabel->label = virXPathString("string(./label[1])", ctxt);
+        if (!seclabel->label ||
+            strlen(seclabel->label) >= VIR_SECURITY_LABEL_BUFLEN - 1) {
             virReportError(VIR_ERR_XML_ERROR,
                            "%s", _("security label is missing"));
             return NULL;
@@ -7884,9 +7884,10 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
     if (seclabel->relabel &&
         (!(flags & VIR_DOMAIN_DEF_PARSE_INACTIVE) &&
          seclabel->type != VIR_DOMAIN_SECLABEL_NONE)) {
-        seclabel->imagelabel = virXPathStringLimit("string(./imagelabel[1])",
-                                                   VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
-        if (!seclabel->imagelabel) {
+        seclabel->imagelabel = virXPathString("string(./imagelabel[1])", ctxt);
+
+        if (!seclabel->imagelabel ||
+            strlen(seclabel->imagelabel) >= VIR_SECURITY_LABEL_BUFLEN - 1) {
             virReportError(VIR_ERR_XML_ERROR,
                            "%s", _("security imagelabel is missing"));
             return NULL;
@@ -7895,8 +7896,13 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,

     /* Only parse baselabel for dynamic label type */
     if (seclabel->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
-        seclabel->baselabel = virXPathStringLimit("string(./baselabel[1])",
-                                                  VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
+        seclabel->baselabel = virXPathString("string(./baselabel[1])", ctxt);
+
+        if (seclabel->baselabel &&
+            strlen(seclabel->baselabel) >= VIR_SECURITY_LABEL_BUFLEN - 1) {
+            g_free(seclabel->baselabel);
+            seclabel->baselabel = NULL;
+        }
     }

     return g_steal_pointer(&seclabel);
-- 
2.31.1




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux