--- src/security/security_apparmor.c | 20 ++-------- src/security/security_dac.c | 23 ++++-------- src/security/security_nop.c | 7 +--- src/security/security_selinux.c | 79 +++++++++++----------------------------- src/security/virt-aa-helper.c | 4 +- 5 files changed, 37 insertions(+), 96 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 5fb5db3..84faebd 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -446,24 +446,15 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, if ((profile_name = get_profile_name(def)) == NULL) return rc; - secdef->label = strndup(profile_name, strlen(profile_name)); - if (!secdef->label) { - virReportOOMError(); + if (VIR_STRDUP(secdef->label, profile_name) < 0) goto clean; - } /* set imagelabel the same as label (but we won't use it) */ - secdef->imagelabel = strndup(profile_name, - strlen(profile_name)); - if (!secdef->imagelabel) { - virReportOOMError(); + if (VIR_STRDUP(secdef->imagelabel, profile_name) < 0) goto err; - } - if (!secdef->model && !(secdef->model = strdup(SECURITY_APPARMOR_NAME))) { - virReportOOMError(); + if (!secdef->model && VIR_STRDUP(secdef->model, SECURITY_APPARMOR_NAME) < 0) goto err; - } /* Now that we have a label, load the profile into the kernel. */ if (load_profile(mgr, secdef->label, def, NULL, false) < 0) { @@ -933,10 +924,7 @@ AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, { char *opts; - if (!(opts = strdup(""))) { - virReportOOMError(); - return NULL; - } + ignore_value(VIR_STRDUP(opts, "")); return opts; } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index cd214d8..c894517 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -76,11 +76,8 @@ int parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr) char *owner = NULL; char *group = NULL; - tmp_label = strdup(label); - if (tmp_label == NULL) { - virReportOOMError(); + if (VIR_STRDUP(tmp_label, label) < 0) goto cleanup; - } /* Split label */ sep = strchr(tmp_label, ':'); @@ -1051,18 +1048,12 @@ virSecurityDACGenLabel(virSecurityManagerPtr mgr, return rc; } - if (!seclabel->norelabel) { - if (seclabel->imagelabel == NULL && seclabel->label != NULL) { - seclabel->imagelabel = strdup(seclabel->label); - if (seclabel->imagelabel == NULL) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot generate dac user and group id " - "for domain %s"), def->name); - VIR_FREE(seclabel->label); - seclabel->label = NULL; - return rc; - } - } + if (!seclabel->norelabel && + seclabel->imagelabel == NULL && seclabel->label != NULL && + VIR_STRDUP(seclabel->imagelabel, seclabel->label) < 0) { + VIR_FREE(seclabel->label); + seclabel->label = NULL; + return rc; } return 0; diff --git a/src/security/security_nop.c b/src/security/security_nop.c index 2b9767e..233404c 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -20,7 +20,7 @@ #include <config.h> #include "security_nop.h" - +#include "virstring.h" #include "virerror.h" #define VIR_FROM_THIS VIR_FROM_SECURITY @@ -182,10 +182,7 @@ static char *virSecurityDomainGetMountOptionsNop(virSecurityManagerPtr mgr ATTRI { char *opts; - if (!(opts = strdup(""))) { - virReportOOMError(); - return NULL; - } + ignore_value(VIR_STRDUP(opts, "")); return opts; } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index a85f0a3..dcec32b 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -202,10 +202,8 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, goto cleanup; } - if (!(*sens = strdup(context_range_get(ourContext)))) { - virReportOOMError(); + if (VIR_STRDUP(*sens, context_range_get(ourContext)) < 0) goto cleanup; - } /* Find and blank out the category part (if any) */ tmp = strchr(*sens, ':'); @@ -312,10 +310,7 @@ virSecuritySELinuxContextAddRange(security_context_t src, goto cleanup; } - if (!(ret = strdup(str))) { - virReportOOMError(); - goto cleanup; - } + ignore_value(VIR_STRDUP(ret, str)); cleanup: if (srccon) context_free(srccon); @@ -385,10 +380,8 @@ virSecuritySELinuxGenNewContext(const char *basecontext, _("Unable to format SELinux context")); goto cleanup; } - if (!(ret = strdup(str))) { - virReportOOMError(); + if (VIR_STRDUP(ret, str) < 0) goto cleanup; - } VIR_DEBUG("Generated context '%s'", ret); cleanup: freecon(ourSecContext); @@ -451,17 +444,10 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr) goto error; } - data->domain_context = strdup(scon->str); - data->file_context = strdup(tcon->str); - data->content_context = strdup(dcon->str); - if (!data->domain_context || - !data->file_context || - !data->content_context) { - virReportSystemError(errno, - _("cannot allocate memory for LXC SELinux contexts '%s'"), - selinux_lxc_contexts_path()); + if (VIR_STRDUP(data->domain_context, scon->str) < 0 || + VIR_STRDUP(data->file_context, tcon->str) < 0 || + VIR_STRDUP(data->content_context, dcon->str) < 0) goto error; - } if (!(data->mcs = virHashCreate(10, NULL))) goto error; @@ -520,11 +506,8 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr) *ptr = '\0'; ptr++; if (*ptr != '\0') { - data->alt_domain_context = strdup(ptr); - if (!data->alt_domain_context) { - virReportOOMError(); + if (VIR_STRDUP(data->alt_domain_context, ptr) < 0) goto error; - } ptr = strchrnul(data->alt_domain_context, '\n'); if (ptr && *ptr == '\n') *ptr = '\0'; @@ -544,11 +527,8 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr) ptr = strchrnul(data->file_context, '\n'); if (ptr && *ptr == '\n') { *ptr = '\0'; - data->content_context = strdup(ptr+1); - if (!data->content_context) { - virReportOOMError(); + if (VIR_STRDUP(data->content_context, ptr+1) < 0) goto error; - } ptr = strchrnul(data->content_context, '\n'); if (ptr && *ptr == '\n') *ptr = '\0'; @@ -643,11 +623,12 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, } range = context_range_get(ctx); - if (!range || - !(mcs = strdup(range))) { + if (!range) { virReportOOMError(); goto cleanup; } + if (VIR_STRDUP(mcs, range) < 0) + goto cleanup; break; case VIR_DOMAIN_SECLABEL_DYNAMIC: @@ -711,10 +692,8 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, } if (!seclabel->model && - !(seclabel->model = strdup(SECURITY_SELINUX_NAME))) { - virReportOOMError(); + VIR_STRDUP(seclabel->model, SECURITY_SELINUX_NAME) < 0) goto cleanup; - } rc = 0; @@ -1391,10 +1370,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def, return -1; } } else { - if (!(path = strdup(dev->source.caps.u.storage.block))) { - virReportOOMError(); + if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0) return -1; - } } ret = virSecuritySELinuxSetFilecon(path, secdef->imagelabel); VIR_FREE(path); @@ -1409,10 +1386,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def, return -1; } } else { - if (!(path = strdup(dev->source.caps.u.misc.chardev))) { - virReportOOMError(); + if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0) return -1; - } } ret = virSecuritySELinuxSetFilecon(path, secdef->imagelabel); VIR_FREE(path); @@ -1559,10 +1534,8 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr, return -1; } } else { - if (!(path = strdup(dev->source.caps.u.storage.block))) { - virReportOOMError(); + if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0) return -1; - } } ret = virSecuritySELinuxRestoreSecurityFileLabel(mgr, path); VIR_FREE(path); @@ -1577,10 +1550,8 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr, return -1; } } else { - if (!(path = strdup(dev->source.caps.u.misc.chardev))) { - virReportOOMError(); + if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0) return -1; - } } ret = virSecuritySELinuxRestoreSecurityFileLabel(mgr, path); VIR_FREE(path); @@ -2366,7 +2337,7 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr, const char *range; context_t ctx = NULL; char *label = NULL; - const char *mcs = NULL; + char *mcs = NULL; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef == NULL) @@ -2380,11 +2351,8 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr, } range = context_range_get(ctx); if (range) { - mcs = strdup(range); - if (!mcs) { - virReportOOMError(); + if (VIR_STRDUP(mcs, range) < 0) goto cleanup; - } if (!(label = virSecuritySELinuxGenNewContext(data->file_context, mcs, true))) goto cleanup; @@ -2392,9 +2360,9 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr, } cleanup: - context_free(ctx); - VIR_FREE(mcs); - return label; + context_free(ctx); + VIR_FREE(mcs); + return label; } static char * @@ -2417,11 +2385,8 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr, } } - if (!opts && - !(opts = strdup(""))) { - virReportOOMError(); + if (!opts && VIR_STRDUP(opts, "") < 0) return NULL; - } VIR_DEBUG("imageLabel=%s opts=%s", secdef ? secdef->imagelabel : "(null)", opts); diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index b526919..63594ce 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -773,7 +773,7 @@ vah_add_file(virBufferPtr buf, const char *path, const char *perms) return rc; } } else - if ((tmp = strdup(path)) == NULL) + if (VIR_STRDUP_QUIET(tmp, path) < 0) return rc; if (strchr(perms, 'w') != NULL) @@ -1103,7 +1103,7 @@ vahParseArgv(vahControl * ctl, int argc, char **argv) break; case 'f': case 'F': - if ((ctl->newfile = strdup(optarg)) == NULL) + if (VIR_STRDUP_QUIET(ctl->newfile, optarg) < 0) vah_error(ctl, 1, _("could not allocate memory for disk")); ctl->append = arg == 'F'; break; -- 1.8.1.5 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list