[libvirt] [PATCH] network: check for invalid forward delay time
Erik Skultety
eskultet at redhat.com
Mon Sep 8 14:49:58 UTC 2014
When spanning tree protocol is allowed in bridge settings, forward delay
value is set as well (default is 0 if omitted). Until now, there was no
check for delay value validity. Delay makes sense only as a positive
numerical value.
Note: However, even if you provide positive numerical value, brctl
utility only uses values from range <2,30>, so the number provided can
be modified (kernel most likely) to fall within this range.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1125764
---
docs/schemas/network.rng | 2 +-
src/conf/network_conf.c | 18 +++++++++++++-----
src/util/virxml.c | 2 +-
3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/docs/schemas/network.rng b/docs/schemas/network.rng
index 0e7da89..ab41814 100644
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@@ -62,7 +62,7 @@
<optional>
<attribute name="delay">
- <data type="integer"/>
+ <data type="unsignedLong"/>
</attribute>
</optional>
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 9571ee1..4d6db8c 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -2016,6 +2016,7 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
xmlNodePtr save = ctxt->node;
xmlNodePtr bandwidthNode = NULL;
xmlNodePtr vlanNode;
+ int ret = 0;
if (VIR_ALLOC(def) < 0)
return NULL;
@@ -2078,8 +2079,15 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
stp = virXPathString("string(./bridge[1]/@stp)", ctxt);
def->stp = (stp && STREQ(stp, "off")) ? false : true;
- if (virXPathULong("string(./bridge[1]/@delay)", ctxt, &def->delay) < 0)
- def->delay = 0;
+ ret = virXPathULong("string(./bridge[1]/@delay)", ctxt, &def->delay);
+ if (ret == -2) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("Invalid delay value in network '%s'"),
+ def->name);
+ goto error;
+ } else if (ret < 0) {
+ def->delay = 0;
+ }
tmp = virXPathString("string(./mac[1]/@address)", ctxt);
if (tmp) {
@@ -2126,7 +2134,7 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
goto error;
/* parse each portgroup */
for (i = 0; i < nPortGroups; i++) {
- int ret = virNetworkPortGroupParseXML(&def->portGroups[i],
+ ret = virNetworkPortGroupParseXML(&def->portGroups[i],
portGroupNodes[i], ctxt);
if (ret < 0)
goto error;
@@ -2147,7 +2155,7 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
goto error;
/* parse each addr */
for (i = 0; i < nIps; i++) {
- int ret = virNetworkIPDefParseXML(def->name, ipNodes[i],
+ ret = virNetworkIPDefParseXML(def->name, ipNodes[i],
ctxt, &def->ips[i]);
if (ret < 0)
goto error;
@@ -2168,7 +2176,7 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
goto error;
/* parse each definition */
for (i = 0; i < nRoutes; i++) {
- int ret = virNetworkRouteDefParseXML(def->name, routeNodes[i],
+ ret = virNetworkRouteDefParseXML(def->name, routeNodes[i],
ctxt, &def->routes[i]);
if (ret < 0)
goto error;
diff --git a/src/util/virxml.c b/src/util/virxml.c
index cc4a85c..f730f5e 100644
--- a/src/util/virxml.c
+++ b/src/util/virxml.c
@@ -286,7 +286,7 @@ virXPathULongBase(const char *xpath,
ctxt->node = relnode;
if ((obj != NULL) && (obj->type == XPATH_STRING) &&
(obj->stringval != NULL) && (obj->stringval[0] != 0)) {
- if (virStrToLong_ul((char *) obj->stringval, NULL, base, value) < 0)
+ if (virStrToLong_ulp((char *) obj->stringval, NULL, base, value) < 0)
ret = -2;
} else if ((obj != NULL) && (obj->type == XPATH_NUMBER) &&
(!(isnan(obj->floatval)))) {
--
1.9.3
More information about the libvir-list
mailing list