From 64484d550d29b09be6d10ba843e58de0355e05d9 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Wed, 11 Jan 2012 06:42:37 -0500
Subject: [PATCH] Address side effects of accessing vars via index

Address side effect of accessing a variable via an index: Filters
accessing a variable where an element is accessed that is beyond the
size of the list (for example $TEST[10] and only 2 elements are available)
cannot instantiate that filter. Test for this and report proper error
to user.
---
 src/conf/nwfilter_params.c             | 29 ++++++++++++++++++++++++++
 src/conf/nwfilter_params.h             |  3 ++-
 src/libvirt_private.syms               |  2 ++
 src/nwfilter/nwfilter_gentech_driver.c | 27 +++++++++++++++++-------
 4 files changed, 53 insertions(+), 8 deletions(-)

diff --git a/src/conf/nwfilter_params.c b/src/conf/nwfilter_params.c
index 592bcd9e3b..8949b95577 100644
--- a/src/conf/nwfilter_params.c
+++ b/src/conf/nwfilter_params.c
@@ -1072,3 +1072,32 @@ virNWFilterVarAccessGetIntIterId(const virNWFilterVarAccessPtr vap)
 {
     return vap->u.index.intIterId;
 }
+
+bool
+virNWFilterVarAccessIsAvailable(const virNWFilterVarAccessPtr varAccess,
+                                const virNWFilterHashTablePtr hash)
+{
+    const char *varName = virNWFilterVarAccessGetVarName(varAccess);
+    const char *res;
+    unsigned int idx;
+    virNWFilterVarValuePtr varValue;
+
+    varValue = virHashLookup(hash->hashTable, varName);
+    if (!varValue)
+        return false;
+
+    switch (virNWFilterVarAccessGetType(varAccess)) {
+    case VIR_NWFILTER_VAR_ACCESS_ELEMENT:
+        idx = virNWFilterVarAccessGetIndex(varAccess);
+        res = virNWFilterVarValueGetNthValue(varValue, idx);
+        if (res == NULL)
+            return false;
+        break;
+    case VIR_NWFILTER_VAR_ACCESS_ITERATOR:
+        break;
+    case VIR_NWFILTER_VAR_ACCESS_LAST:
+        return false;
+    }
+
+    return true;
+}
diff --git a/src/conf/nwfilter_params.h b/src/conf/nwfilter_params.h
index 68d3d3e0ec..fa8f770f23 100644
--- a/src/conf/nwfilter_params.h
+++ b/src/conf/nwfilter_params.h
@@ -125,7 +125,8 @@ enum virNWFilterVarAccessType virNWFilterVarAccessGetType(
                                            const virNWFilterVarAccessPtr vap);
 unsigned int virNWFilterVarAccessGetIterId(const virNWFilterVarAccessPtr vap);
 unsigned int virNWFilterVarAccessGetIndex(const virNWFilterVarAccessPtr vap);
-
+bool virNWFilterVarAccessIsAvailable(const virNWFilterVarAccessPtr vap,
+                                     const virNWFilterHashTablePtr hash);
 
 typedef struct _virNWFilterVarCombIterEntry virNWFilterVarCombIterEntry;
 typedef virNWFilterVarCombIterEntry *virNWFilterVarCombIterEntryPtr;
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 0abce7052a..ca4beb1255 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -833,6 +833,8 @@ virNWFilterHashTablePut;
 virNWFilterHashTablePutAll;
 virNWFilterHashTableRemoveEntry;
 virNWFilterVarAccessGetVarName;
+virNWFilterVarAccessIsAvailable;
+virNWFilterVarAccessPrint;
 virNWFilterVarCombIterCreate;
 virNWFilterVarCombIterFree;
 virNWFilterVarCombIterGetVarValue;
diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
index fe9a3a7e13..17fdd39ff0 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -501,16 +501,29 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter,
         if (rule) {
             /* check all variables of this rule */
             for (j = 0; j < rule->nVarAccess; j++) {
-                const char *varName;
-                varName = virNWFilterVarAccessGetVarName(rule->varAccess[j]);
-                if (!virHashLookup(vars->hashTable, varName)) {
-                    val = virNWFilterVarValueCreateSimpleCopyValue("1");
-                    if (!val) {
+                if (!virNWFilterVarAccessIsAvailable(rule->varAccess[j],
+                                                     vars)) {
+                    const char *varAccess;
+                    virBuffer buf = VIR_BUFFER_INITIALIZER;
+
+                    virNWFilterVarAccessPrint(rule->varAccess[j], &buf);
+                    if (virBufferError(&buf)) {
+                        virReportOOMError();
                         rc = -1;
                         break;
                     }
-                    virNWFilterHashTablePut(missing_vars, varName,
+
+                    val = virNWFilterVarValueCreateSimpleCopyValue("1");
+                    if (!val) {
+                        virBufferFreeAndReset(&buf);
+                        rc = -1;
+                        break;
+                    }
+
+                    varAccess = virBufferContentAndReset(&buf);
+                    virNWFilterHashTablePut(missing_vars, varAccess,
                                             val, 1);
+                    VIR_FREE(varAccess);
                 }
             }
             if (rc)
@@ -752,7 +765,7 @@ err_unresolvable_vars:
     if (buf) {
         virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
                    _("Cannot instantiate filter due to unresolvable "
-                     "variables: %s"), buf);
+                     "variables or unavailable list elements: %s"), buf);
         VIR_FREE(buf);
     }