[libvirt] [PATCHv3] conf: prevent crash with no uuid in cephx auth secret

Peter Krempa pkrempa at redhat.com
Mon Dec 3 14:04:19 UTC 2012


On 12/03/12 13:35, Ján Tomko wrote:
> Fix the null pointer access when UUID is not specified.
> Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates
> if uuid was specified or not and use it instead of the pointless
> comparison of the static UUID array to NULL.
> Add an error message if both uuid and usage are specified.
>
> Fixes:
> Error: FORWARD_NULL (CWE-476):
> libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing
>      null pointer "uuid" to function "virUUIDParse(char const *, unsigned
>      char *)", which dereferences it. (The dereference is assumed on the
>      basis of the 'nonnull' parameter attribute.)
> Error: NO_EFFECT (CWE-398):
>      libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an
>      array to null is not useful: "src->auth.cephx.secret.uuid != NULL".
> ---
>   src/conf/storage_conf.c           |   20 +++++++++++++++-----
>   src/conf/storage_conf.h           |    1 +
>   src/storage/storage_backend_rbd.c |    6 ++----
>   3 files changed, 18 insertions(+), 9 deletions(-)
>

Now it looks OK to me. ACK.

Peter
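The pattern the commit message describes, as an added example that is not part of the original mail and not libvirt's code: a validity flag set at parse time replaces a test of an embedded array against NULL, and an absent uuid never reaches the parser. All names (`cephx_secret`, `uuid_usable`, `parse_uuid`, `secret_from_attrs`, `lookup_kind`) are hypothetical, and rejecting the case where neither attribute is given is an assumption of this example.

```c
#include <stdbool.h>
#include <string.h>
#define UUID_BUFLEN 16 /* raw UUID size in bytes; the name is an assumption */

/* Hypothetical stand-in for the auth secret described in the commit message. */
struct cephx_secret {
    unsigned char uuid[UUID_BUFLEN]; /* embedded array: its address is never NULL */
    bool uuid_usable;                /* true only after a uuid was parsed */
    const char *usage;
};

/* Simplified parser (not virUUIDParse): 32 hex digits, dashes skipped. */
static int parse_uuid(const char *s, unsigned char *out)
{
    int n = 0;
    for (; *s; s++) {
        int v;
        if (*s == '-') continue;
        if (*s >= '0' && *s <= '9') v = *s - '0';
        else if (*s >= 'a' && *s <= 'f') v = *s - 'a' + 10;
        else if (*s >= 'A' && *s <= 'F') v = *s - 'A' + 10;
        else return -1;
        if (n >= 2 * UUID_BUFLEN) return -1;          /* too many digits */
        if (n % 2 == 0) out[n / 2] = (unsigned char)(v << 4);
        else out[n / 2] |= (unsigned char)v;
        n++;
    }
    return n == 2 * UUID_BUFLEN ? 0 : -1;
}

/* uuid/usage are NULL when the attribute is absent. Returns 0 or -1. */
int secret_from_attrs(struct cephx_secret *sec, const char *uuid, const char *usage)
{
    memset(sec, 0, sizeof(*sec));
    if (uuid == NULL && usage == NULL) return -1; /* neither given (assumed error) */
    if (uuid != NULL && usage != NULL) return -1; /* both given: ambiguous */
    if (uuid != NULL) {                           /* NULL never reaches the parser */
        if (parse_uuid(uuid, sec->uuid) < 0) return -1;
        sec->uuid_usable = true;
    } else {
        sec->usage = usage;
    }
    return 0;
}

/* Consumer branches on the flag; `sec->uuid != NULL` would always be true. */
const char *lookup_kind(const struct cephx_secret *sec)
{
    return sec->uuid_usable ? "uuid" : "usage";
}
```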