[libvirt] [PATCH] nwfilter: don't crash listing filters in unprivileged daemon
John Ferlan
jferlan at redhat.com
Tue Dec 5 21:48:36 UTC 2017
On 12/05/2017 11:41 AM, Daniel P. Berrange wrote:
> The unprivileged libvirtd does not support nwfilter config, by leaves the
> driver active. It is supposed to result in all APIs being an effective
> no-op, but several APIs rely on driver->nwfilters being non-NULL, or they
> will reference a NULL pointer. Rather than adding checks for NULL in many
> places, just make sure driver->nwfilters is always initialized.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> src/nwfilter/nwfilter_driver.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
I think nwfilterStateCleanup will also need a slight, but obvious
adjustment...
Reviewed-by: John Ferlan <jferlan at redhat.com>
John
(and since it's in 3.9, I need a bz to handle a backport <sigh>)
> diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
> index 2f9a51c405..89b767fe11 100644
> --- a/src/nwfilter/nwfilter_driver.c
> +++ b/src/nwfilter/nwfilter_driver.c
> @@ -189,6 +189,8 @@ nwfilterStateInitialize(bool privileged,
> /* remember that we are going to use firewalld */
> driver->watchingFirewallD = (sysbus != NULL);
> driver->privileged = privileged;
> + if (!(driver->nwfilters = virNWFilterObjListNew()))
> + goto error;
>
> if (!privileged)
> return 0;
> @@ -244,9 +246,6 @@ nwfilterStateInitialize(bool privileged,
> goto error;
> }
>
> - if (!(driver->nwfilters = virNWFilterObjListNew()))
> - goto error;
> -
> if (virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir) < 0)
> goto error;
>
> @@ -271,6 +270,7 @@ nwfilterStateInitialize(bool privileged,
> virNWFilterIPAddrMapShutdown();
>
> err_free_driverstate:
> + virNWFilterObjListFree(driver->nwfilters);
> VIR_FREE(driver);
>
> return -1;
>
More information about the libvir-list
mailing list