[libvirt] unchecked malloc+syscall uses

[Daniel P. Berrange]

On Fri, Jun 26, 2009 at 05:45:59PM +0200, Jim Meyering wrote:
> I was looking through recent changes and spotted two potential
> NULL-dereferences in this change set:
> 
>     http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=70c01b4c1adea75e9
> 
> In src/opennebula/one_client.c:
> 
> +    one_client.url=(char *)malloc(64);
> +    snprintf(one_client.url, 63, "http://localhost:%d/RPC2", ONED_PORT);
> +#else
> +    one_client.url=(char *)"http://localhost:2633/RPC2";
> +#endif


Fortunetaly this one is within a #ifdef ONED_PORT, which is not defined
so the problem code won't be compiled. We should still kill it though


> --
> +    file_text=(char *)malloc(size+1);
> +    bytes_read=read(file, file_text, size);
> +    close(file);
> +
> +    if(bytes_read==size) {

Time for a syntax-check rule to blacklist malloc() & friends from all
code. I'd like to blacklist snprintf/sprintf too but there's still quite
alot of usage of those.

> 
> Perhaps of more immediate concern,
> these syscalls are not checked for failure:
> 
> +    file=open(template_file, O_RDONLY);
> +    size=lseek(file, 0, SEEK_END);
> +    lseek(file, 0, SEEK_SET);
> 
> and same for the "read" syscall above.

This particular method isn't used either - we switched the code to avoid
temporary files, so we should kill this too.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|