[libvirt] [PATCHv3] conf: prevent crash with no uuid in cephx auth secret
Peter Krempa
pkrempa at redhat.com
Mon Dec 3 14:15:19 UTC 2012
On 12/03/12 15:04, Peter Krempa wrote:
> On 12/03/12 13:35, Ján Tomko wrote:
>> Fix the null pointer access when UUID is not specified.
>> Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates
>> if uuid was specified or not and use it instead of the pointless
>> comparison of the static UUID array to NULL.
>> Add an error message if both uuid and usage are specified.
>>
>> Fixes:
>> Error: FORWARD_NULL (CWE-476):
>> libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing
>> null pointer "uuid" to function "virUUIDParse(char const *, unsigned
>> char *)", which dereferences it. (The dereference is assumed on the
>> basis of the 'nonnull' parameter attribute.)
>> Error: NO_EFFECT (CWE-398):
>> libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an
>> array to null is not useful: "src->auth.cephx.secret.uuid != NULL".
>> ---
>> src/conf/storage_conf.c | 20 +++++++++++++++-----
>> src/conf/storage_conf.h | 1 +
>> src/storage/storage_backend_rbd.c | 6 ++----
>> 3 files changed, 18 insertions(+), 9 deletions(-)
>>
>
> Now it looks OK to me. ACK.
>
> Peter
>
And pushed.
More information about the libvir-list
mailing list