On 01/14/2014 10:43 PM, Eric Blake wrote:
> Several APIs clear out a user input buffer before attempting to
> populate it; but in a few cases we missed this memset if we
> detect a reason for an early exit. Note that these APIs
> check for non-NULL arguments, and exit early with an error
> message when NULL is passed in; which means that we must be
> careful to avoid a NULL deref in order to get to that error
> message. Also, we were inconsistent on the use of
> sizeof(virType) vs. sizeof(expression); the latter is more
> robust if we ever change the type of the expression (although
> such action is unlikely since these types are part of our
> public API).
>
> * src/libvirt.c (virDomainGetInfo, virDomainGetBlockInfo)
> (virStoragePoolGetInfo, virStorageVolGetInfo)
> (virDomainGetJobInfo, virDomainGetBlockJobInfo): Move memset
> before any returns.
>
> Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
> ---
>
> v2 avoid null deref, prefer sizeof(expr)
>
> src/libvirt.c | 29 +++++++++++++++++------------
> 1 file changed, 17 insertions(+), 12 deletions(-)
>
> @@ -8449,12 +8450,12 @@ virDomainGetBlockInfo(virDomainPtr domain, const char *disk,
>
> virResetLastError();
>
if (info)
> + memset(info, 0, sizeof(*info));
> +
> virCheckDomainReturn(domain, -1);
> virCheckNonNullArgGoto(disk, error);
> virCheckNonNullArgGoto(info, error);
>
> - memset(info, 0, sizeof(virDomainBlockInfo));
> -
> conn = domain->conn;
>
> if (conn->driver->domainGetBlockInfo) {
Jan
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list