[libvirt] [PATCH v2] polkit_driver: fix possible segfault

Daniel P. Berrange berrange at redhat.com
Thu Sep 25 10:48:28 UTC 2014


On Thu, Sep 25, 2014 at 12:42:09PM +0200, Pavel Hrdina wrote:
> The changes in commit c7542573 introduced a possible segfault. Looking
> deeper into the code and the original code before the patch series was
> applied, I think that we should report an error for each function failure
> and also we shouldn't call some of the functions twice.
> 
> Found by coverity.
> 
> Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
> ---
>  src/access/viraccessdriverpolkit.c | 20 +++++++++-----------
>  1 file changed, 9 insertions(+), 11 deletions(-)
> 
> diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
> index 2bc1842..3136be7 100644
> --- a/src/access/viraccessdriverpolkit.c
> +++ b/src/access/viraccessdriverpolkit.c
> @@ -87,24 +87,22 @@ virAccessDriverPolkitGetCaller(const char *actionid,
>                         actionid);
>          return -1;
>      }
> -    if (virIdentityGetUNIXProcessID(identity, pid) < 0)
> -        goto cleanup;
> -    if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
> -        goto cleanup;
> -    if (virIdentityGetUNIXUserID(identity, uid) < 0)
> -        goto cleanup;
>  
> -    if (!pid) {
> +    if (virIdentityGetUNIXProcessID(identity, pid) < 0) {
>          virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
>                         _("No UNIX process ID available"));
>          goto cleanup;
>      }
> -
> -    if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
> +    if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) {
> +        virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("No UNIX process start time available"));
>          goto cleanup;
> -
> -    if (virIdentityGetUNIXUserID(identity, uid) < 0)
> +    }
> +    if (virIdentityGetUNIXUserID(identity, uid) < 0) {
> +        virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("No UNIX caller UID available"));
>          goto cleanup;
> +    }
>  
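
Review bot: the three new virAccessError() calls report "No ... available" for any negative return from virIdentityGetUNIXProcessID(), virIdentityGetUNIXProcessTime() and virIdentityGetUNIXUserID(), so a getter that fails for some other reason, or that has already reported its own error, would have the real cause replaced by this message. It is worth confirming what a negative return means for these getters and, if they can fail in more than one way, wording the message accordingly or leaving an already-set error in place. The hunk also drops the "if (!pid)" test with no replacement. Since pid is passed straight to the getter as the output argument, that test appears to have checked the pointer rather than the value read, so removing it looks reasonable, but the commit message should say so and should name the dereference Coverity flagged, because "possible segfault" alone does not tell a later reader which path crashed.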

ACK, that duplication comes from a merge rebase error.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



