[libvirt] [PATCH] util: Avoid libvirtd crash
Alex Jia
ajia at redhat.com
Sat Apr 28 11:01:40 UTC 2012
In fact, the 'tapfd' is always NULL, the function 'virNetDevTapCreate()' hasn't
assign 'fd' to 'tapfd', when the function 'virNetDevSetMAC()' is failed then
goto 'error' lable, finally, the VIR_FORCE_CLOSE() will deref a NULL 'tapfd'.
* util/virnetdevtap.c (virNetDevTapCreateInBridgePort): fix a NULL pointer derefing.
* How to reproduce?
$ cat > /tmp/net.xml <<EOF
<network>
<name>test</name>
<forward mode='nat'/>
<bridge name='br1' stp='off' delay='1' />
<mac address='00:00:00:00:00:00'/>
<ip address='192.168.100.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.100.2' end='192.168.100.254' />
</dhcp>
</ip>
</network>
EOF
$ virsh net-define /tmp/net.xml
$ virsh net-start test
error: Failed to start network brTest
error: End of file while reading data: Input/output error
Signed-off-by: Alex Jia <ajia at redhat.com>
---
src/util/virnetdevtap.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index 0b3ac46..5d21164 100644
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -341,7 +341,8 @@ int virNetDevTapCreateInBridgePort(const char *brname,
return 0;
error:
- VIR_FORCE_CLOSE(*tapfd);
+ if (tapfd)
+ VIR_FORCE_CLOSE(*tapfd);
return errno;
}
--
1.7.1
More information about the libvir-list
mailing list