Re: [PATCH] secret: Check length of value in secret object

On Tue, Jan 14, 2025 at 03:06:09PM +0100, Adam Julis wrote:
> Ensure that the value in the secret object is validated not only for NULL
> but also for its size. An empty value may not always be NULL, if it has
> been manually deleted from the .base64 file.

This sounds a bit weird - can you explain in more detail what the bug
scenario is?

> Signed-off-by: Adam Julis <ajulis@xxxxxxxxxx>
> ---
>  src/conf/virsecretobj.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c
> index 455798d414..3cb1ec2b4b 100644
> --- a/src/conf/virsecretobj.c
> +++ b/src/conf/virsecretobj.c
> @@ -719,7 +719,7 @@ virSecretObjGetValue(virSecretObj *obj)
>      virSecretDef *def = obj->def;
>      unsigned char *ret = NULL;
>  
> -    if (!obj->value) {
> +    if (!obj->value || (obj->value_size < 1 )) {
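
Review bot: The added test `(obj->value_size < 1 )` in virSecretObjGetValue() has a stray space before the closing parenthesis and a redundant inner pair of parentheses; since it is a size being tested, `obj->value_size == 0` states the intent more directly. The commit message says an empty value "may not always be NULL" but does not name the code path that leaves a non-NULL `obj->value` with a zero size, so it is not possible to judge from this hunk whether the getter is the right place for the check; please describe that path in the message.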

My gut feeling is that if there is a bug, then it lies in whatever
code created the non-NULL obj->value PTR, while setting value_size == 0

IOW, fix the place that created the bad data originally, rather than
the place where we access it.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|


