util: Avoid libvirtd crash in virNetDevTapCreate

In fact, the 'tapfd' is always NULL: the function 'virNetDevTapCreate()' hasn't
assigned 'fd' to 'tapfd'. When the function 'virNetDevSetMAC()' fails and goes
to the 'error' label, VIR_FORCE_CLOSE() will finally deref a NULL 'tapfd'.

* util/virnetdevtap.c (virNetDevTapCreateInBridgePort): fix a NULL pointer dereference.

* How to reproduce?

$ cat > /tmp/net.xml <<EOF
<network>
  <name>test</name>
  <forward mode='nat'/>
  <bridge name='br1' stp='off' delay='1' />
  <mac address='00:00:00:00:00:00'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.100.2' end='192.168.100.254' />
    </dhcp>
  </ip>
</network>
EOF

$ virsh net-define /tmp/net.xml

$ virsh net-start test
error: Failed to start network brTest
error: End of file while reading data: Input/output error

Signed-off-by: Alex Jia <ajia@redhat.com>
Alex Jia 2012-04-28 19:01:40 +08:00 committed by Eric Blake
parent 29e702e576
commit 5ee18aaa57


@ -341,7 +341,8 @@ int virNetDevTapCreateInBridgePort(const char *brname,
return 0; return 0;
error: error:
VIR_FORCE_CLOSE(*tapfd); if (tapfd)
VIR_FORCE_CLOSE(*tapfd);
return errno; return errno;
} }
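
Review bot: In the 'error:' path, the new 'if (tapfd)' guard skips the close entirely when the caller passes NULL, and nothing in these lines shows who then closes a descriptor that was already opened before virNetDevSetMAC() failed. Please confirm that case does not leak the fd, or track the descriptor in a local variable and close that on error regardless of whether 'tapfd' was supplied. The commit message also says 'tapfd' is always NULL, which would make the guarded VIR_FORCE_CLOSE(*tapfd) dead code; a comment on virNetDevTapCreateInBridgePort() stating that 'tapfd' is optional would make the intended contract clear.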