[libvirt] [PATCH] virsh: check actual access to the cert
Eric Blake
eblake at redhat.com
Fri May 6 16:47:21 UTC 2011
Subject is wrong - this is remote, not virsh (that is, more than just
virsh is impacted by this change).
On 05/06/2011 10:24 AM, Doug Goldstein wrote:
> Instead of calling stat(), check that we'll actually be able to access
> and read the file.
>
> Signed-off-by: Doug Goldstein <cardoe at gentoo.org>
> ---
> src/remote/remote_driver.c | 3 +--
> 1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 9965d38..c4e43aa 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -1140,8 +1140,7 @@ static gnutls_certificate_credentials_t x509_cred;
> static int
> check_cert_file(const char *type, const char *file)
> {
> - struct stat sb;
> - if (stat(file, &sb) < 0) {
> + if (access(file, F_OK|R_OK)) {
F_OK|R_OK is forbidden by POSIX (true, F_OK is usually 0, in which case
it happens to work, but POSIX allows an implementation where F_OK is
non-zero, and states that you either use F_OK or a combination of the
other three [RWX]_OK). Here, you only need R_OK (since if you can read
the file, it must exist).
access() is in general not the best function to use from a library, when
compared to faccessat(,AT_EACCESS) [aka eaccess or euidaccess], because
the former doesn't work well in the face of effective uid different from
real uid while the latter does (normally, you want the answer for the
effective uid, not the real uid, if your library was linked into an
application that plays games with ids). But none of the rest of libvirt
makes that distinction, so you're in good company.
So ACK with those nits fixed, and pushed.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110506/25ca9910/attachment-0001.sig>
More information about the libvir-list
mailing list