Every security driver has domainGenSecurityLabel defined.
Coverity complains about a possible leak of seclabel if
!sec_managers[i]->drv->domainGenSecurityLabel is true
and the seclabel might be overwritten by the next iteration
of the loop.
---
src/security/security_manager.c | 28 ++++++++++++----------------
1 file changed, 12 insertions(+), 16 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index d68c7e9..24855db 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -512,24 +512,20 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
}
}
- if (!sec_managers[i]->drv->domainGenSecurityLabel) {
- virReportUnsupportedError();
- } else {
- /* The seclabel must be added to @vm prior calling domainGenSecurityLabel
- * which may require seclabel to be presented already */
- if (generated &&
- VIR_APPEND_ELEMENT(vm->seclabels, vm->nseclabels, seclabel) < 0)
- goto cleanup;
-
- if (sec_managers[i]->drv->domainGenSecurityLabel(sec_managers[i], vm) < 0) {
- if (VIR_DELETE_ELEMENT(vm->seclabels,
- vm->nseclabels -1, vm->nseclabels) < 0)
- vm->nseclabels--;
- goto cleanup;
- }
+ /* The seclabel must be added to @vm prior calling domainGenSecurityLabel
+ * which may require seclabel to be presented already */
+ if (generated &&
+ VIR_APPEND_ELEMENT(vm->seclabels, vm->nseclabels, seclabel) < 0)
+ goto cleanup;
- seclabel = NULL;
+ if (sec_managers[i]->drv->domainGenSecurityLabel(sec_managers[i], vm) < 0) {
+ if (VIR_DELETE_ELEMENT(vm->seclabels,
+ vm->nseclabels -1, vm->nseclabels) < 0)
+ vm->nseclabels--;
+ goto cleanup;
}
+
+ seclabel = NULL;
}
ret = 0;
--
1.8.3.2
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list