Re: [PATCHv3] conf: prevent crash with no uuid in cephx auth secret

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/03/12 13:35, Ján Tomko wrote:
Fix the null pointer access when UUID is not specified.
Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates
if uuid was specified or not and use it instead of the pointless
comparison of the static UUID array to NULL.
Add an error message if both uuid and usage are specified.

Fixes:
Error: FORWARD_NULL (CWE-476):
libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing
     null pointer "uuid" to function "virUUIDParse(char const *, unsigned
     char *)", which dereferences it. (The dereference is assumed on the
     basis of the 'nonnull' parameter attribute.)
Error: NO_EFFECT (CWE-398):
     libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an
     array to null is not useful: "src->auth.cephx.secret.uuid != NULL".
---
  src/conf/storage_conf.c           |   20 +++++++++++++++-----
  src/conf/storage_conf.h           |    1 +
  src/storage/storage_backend_rbd.c |    6 ++----
  3 files changed, 18 insertions(+), 9 deletions(-)

Now it looks OK to me. ACK.

Peter

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]