2010/5/26 Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>:
> Getting paranoid now... Clear possibly partially parsed UUIDs. Question
> is whether to do this in the parsing function itself.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
>
> ---
> src/util/uuid.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> Index: libvirt-acl/src/util/uuid.c
> ===================================================================
> --- libvirt-acl.orig/src/util/uuid.c
> +++ libvirt-acl/src/util/uuid.c
> @@ -289,14 +289,19 @@ virSetHostUUIDStr(const char *uuid)
> if (!getDMISystemUUID(dmiuuid, sizeof(dmiuuid))) {
> if (!virUUIDParse(dmiuuid, host_uuid))
> return 0;
> + // clear partially parsed UUID
> + memset(host_uuid, 0x0, sizeof(host_uuid));
> }
>
> if (!virUUIDIsValid(host_uuid))
> return virUUIDGenerate(host_uuid);
> } else {
> rc = virUUIDParse(uuid, host_uuid);
> - if (rc)
> + if (rc) {
> + // clear partially parsed UUID
> + memset(host_uuid, 0x0, sizeof(host_uuid));
> return rc;
> + }
> if (!virUUIDIsValid(host_uuid))
> return EINVAL;
> }
>
If we want to be paranoid we should do the memset in virUUIDParse itself.
I just grepped for virUUIDParse and found issue: virUUIDParse is used
in some places without checking the return value.
Matthias
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list