When <uuid> is not in the XML, a virUUIDGenerate() ends up being called which is unnecessary and can lead to crashes if /dev/urandom isn't available because virRandomInitialize() is not called within virt-aa-helper. This patch adds verify_xpath_context() and updates caps_mockup() to use it.

This is https://launchpad.net/bugs/672943

--
Jamie Strandboge | http://www.canonical.com

Author: Jamie Strandboge <jamie@xxxxxxxxxxxxx> Description: virt-aa-helper should require <uuid> in XML When <uuid> is not in the XML, a virUUIDGenerate() ends up being called which is unnecessary and can lead to crashes if /dev/urandom isn't available because virRandomInitialize() is not called within virt-aa-helper. This patch adds verify_xpath_context() and updates caps_mockup() to use it. Bug-Ubuntu: https://launchpad.net/bugs/672943 diff -Naurp libvirt.orig/src/security/virt-aa-helper.c libvirt/src/security/virt-aa-helper.c --- libvirt.orig/src/security/virt-aa-helper.c 2010-11-11 12:32:13.000000000 -0600 +++ libvirt/src/security/virt-aa-helper.c 2010-11-11 13:28:10.000000000 -0600 @@ -605,6 +605,37 @@ catchXMLError (void *ctx, const char *ms } } +static int +verify_xpath_context(xmlXPathContextPtr ctxt) +{ + int rc = -1; + char *tmp = NULL; + + if (!ctxt) { + vah_warning("Invalid context"); + goto error; + } + + /* check if have <name> */ + if (!(tmp = virXPathString("string(./name[1])", ctxt))) { + vah_warning("Could not find <name>"); + goto error; + } + VIR_FREE(tmp); + + /* check if have <uuid> */ + if (!(tmp = virXPathString("string(./uuid[1])", ctxt))) { + vah_warning("Could not find <uuid>"); + goto error; + } + VIR_FREE(tmp); + + rc = 0; + + error: + return rc; +} + /* * Parse the xml we received to fill in the following: * ctl->hvm @@ -653,6 +684,10 @@ caps_mockup(vahControl * ctl, const char } ctxt->node = root; + /* Quick sanity check for some required elements */ + if (verify_xpath_context(ctxt) != 0) + goto cleanup; + ctl->hvm = virXPathString("string(./os/type[1])", ctxt); if (!ctl->hvm || STRNEQ(ctl->hvm, "hvm")) { vah_error(ctl, 0, "os.type is not 'hvm'");
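Review bot: verify_xpath_context() also rejects XML that has no <name>, but the description only talks about requiring <uuid>; either mention the <name> requirement in the commit message or leave that check out of this patch. Both checks only test that virXPathString() returned non-NULL, so the uuid value itself is not validated in this function; if presence is all that is intended, the comments could say "check that <uuid> is present". The error: label has nothing to free (tmp is NULL on every failure path), so returning -1 at each failed check would be simpler than rc plus goto.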
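Review bot: in caps_mockup(), the new failure path takes "goto cleanup" after only a vah_warning() from the helper, while the os.type check directly below reports through vah_error(ctl, 0, ...). A missing <uuid> or <name> is fatal at this point, so it should be reported the same way as the other fatal parse errors. Nothing in the hunk sets a return code before the goto, so please confirm that the function's return value still indicates failure when this branch is taken.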
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list