[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] security:selinux: Fix crash when tcon is NULL

On Sat, Nov 08, 2014 at 06:17:26PM +0800, Luyao Huang wrote:

Libvirtd will crash when parameter tcon = NULL in virSecuritySELinuxSetFileconHelper
function, because libvirt do not check the first parameter when use strcmp().
Add a check for tcon before use strcmp() and output a error in log when tcon is NULL.

Signed-off-by: Luyao Huang <lhuang redhat com>
src/security/security_selinux.c | 5 +++++
1 file changed, 5 insertions(+)

NACK, calling virSecuritySELinuxSetFileconHelper() with NULL doesn't
make sense at all.  If you are trying to just fix a possible future
errot, then the check for non-NULL parameters needs to be done when
the function is starting.  But I doubt it's useful.  It's another
story if you managed to cause such call to this function.

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index f96be50..4fd09b8 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -887,6 +887,11 @@ virSecuritySELinuxSetFileconHelper(const char *path, char *tcon, bool optional)
        int setfilecon_errno = errno;

        if (getfilecon_raw(path, &econ) >= 0) {
+            if (tcon == NULL) {
+                virReportSystemError(errno,"%s",
+                                 _("Invalid security context : NULL"));
+                return -1;
+            }

Explaining how did you reach this point with tcon == NULL, or if you
even managed to do that, would help others understanding the issue
from higher level.  Anyway, the problem here is that this function is
called with tcon == NULL and not that it doesn't check for that (if
you managed to see the segfault).  To explain what I mean; if you
managed to see the segfault when you performed some operation, that's
bad.  But when this patch is applied, you still won't be able to
perform that operation successfully and we need to find out the root
cause of that.

The backtrace would fit nicely in the commit message as well.


            if (STREQ(tcon, econ)) {
                /* It's alright, there's nothing to change anyway. */

libvir-list mailing list
libvir-list redhat com

Attachment: signature.asc
Description: Digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]