[Libvir] PATCH: Fix crash if client acl check fails

Daniel P. Berrange berrange at redhat.com
Wed Jul 11 19:46:00 UTC 2007


There were a couple of places where, if the ACL check for an incoming client
failed, the daemon would go on and register the client's FD in the event loop
anyway. The trouble is, after the ACL check failed, the client had been forcibly
disconnected & the client struct free'd, so the daemon died in the event
loop a short time later. This patch fixes it & makes a couple of other
places more paranoid about checking too.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
-------------- next part --------------
diff -u -p -r1.52 qemud.c
--- qemud/qemud.c	26 Jun 2007 23:48:47 -0000	1.52
+++ qemud/qemud.c	11 Jul 2007 19:32:30 -0000
@@ -971,7 +985,6 @@ static int qemudDispatchServer(struct qe
             /* Unlikely, but ...  Next step is to check the certificate. */
             if (remoteCheckAccess (client) == -1)
                 goto cleanup;
-
             if (qemudRegisterClientEvent(server, client, 0) < 0)
                 goto cleanup;
         } else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
@@ -1054,7 +1067,7 @@ static int qemudClientRead(struct qemud_
         client->direction = gnutls_record_get_direction (client->session);
         if (qemudRegisterClientEvent (server, client, 1) < 0)
             qemudDispatchClientFailure (server, client);
-        if (ret <= 0) {
+        else if (ret <= 0) {
             if (ret == 0 || (ret != GNUTLS_E_AGAIN &&
                              ret != GNUTLS_E_INTERRUPTED)) {
                 if (ret != 0)
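Review bot: When `qemudRegisterClientEvent` fails on this path, `qemudDispatchClientFailure` runs and (per the commit description) the client struct is freed, but the new `else if (ret <= 0)` then skips the only error branch visible here, so the function appears to fall through to its normal return. If `ret` was positive, the caller of this `static int` function would see success and could keep using the freed `client`. The rest of qemudClientRead lies outside the hunk, so this needs confirming. Returning explicitly would close the path: `if (qemudRegisterClientEvent (server, client, 1) < 0) { qemudDispatchClientFailure (server, client); return -1; }`. The same shape appears in qemudClientWrite in the hunk at `@@ -1209,7 +1222,7 @@`.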
@@ -1166,7 +1179,7 @@ static void qemudDispatchClientRead(stru
             /* Finished.  Next step is to check the certificate. */
             if (remoteCheckAccess (client) == -1)
                 qemudDispatchClientFailure (server, client);
-            if (qemudRegisterClientEvent (server, client, 1) < 0)
+            else if (qemudRegisterClientEvent (server, client, 1) < 0)
                 qemudDispatchClientFailure (server, client);
         } else if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
             qemudLog (QEMUD_ERR, "TLS handshake failed: %s",
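Review bot: The access check `if (remoteCheckAccess (client) == -1)` treats only the exact value -1 as a denial, so any other negative return would reach the new `else if` and register the client as though it had passed the ACL. remoteCheckAccess is not visible in this patch, so whether it can return other negative values is unconfirmed, but `if (remoteCheckAccess (client) < 0)` fails closed and matches the `< 0` test used for qemudRegisterClientEvent. The same `== -1` comparison appears in the qemudDispatchServer and qemudDispatchClientWrite hunks. A comment such as `/* qemudDispatchClientFailure frees client; it must not be touched afterwards */` above the failure call would record why the `else` is required.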
@@ -1209,7 +1222,7 @@ static int qemudClientWrite(struct qemud
         client->direction = gnutls_record_get_direction (client->session);
         if (qemudRegisterClientEvent (server, client, 1) < 0)
             qemudDispatchClientFailure (server, client);
-        if (ret < 0) {
+        else if (ret < 0) {
             if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN) {
                 qemudLog (QEMUD_ERR, "gnutls_record_send: %s",
                           gnutls_strerror (ret));
@@ -1253,8 +1266,7 @@ static void qemudDispatchClientWrite(str
             /* Finished.  Next step is to check the certificate. */
             if (remoteCheckAccess (client) == -1)
                 qemudDispatchClientFailure (server, client);
-
-            if (qemudRegisterClientEvent (server, client, 1))
+            else if (qemudRegisterClientEvent (server, client, 1))
                 qemudDispatchClientFailure (server, client);
         } else if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
             qemudLog (QEMUD_ERR, "TLS handshake failed: %s",
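Review bot: The new line `else if (qemudRegisterClientEvent (server, client, 1))` treats any non-zero return as failure, while every other call site in this patch tests `< 0`. If qemudRegisterClientEvent ever returns a positive value on success (its definition is not shown here), this path would disconnect a client that had just passed the access check. Writing it as `else if (qemudRegisterClientEvent (server, client, 1) < 0)` keeps the five call sites consistent. The body of qemudDispatchClientWrite continues outside the hunk.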

