Fix libvirtd free() segfault when migrating guest with deleted open vswitch port

libvirtd crashes on free()ing portData for an open vswitch port if that port
was deleted.  To reproduce:

ovs-vsctl del-port vnet0
virsh migrate --live kvm1 qemu+ssh://dstHost/system

Error message:
libvirtd: *** Error in `/usr/sbin/libvirtd': free(): invalid pointer: 0x000003ff90001e20 ***

The problem is that virCommandRun can return an empty string in the event that
the port being queried does not exist. When this happens then we are
unconditionally overwriting a newline character at position strlen()-1. When
strlen is 0, we overwrite memory that does not belong to the string.

The fix: Only overwrite the newline if the string is not empty.

Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
This commit is contained in:
Jason J. Herne 2016-01-26 13:25:17 -05:00 committed by Andrea Bolognani
parent 370608b4c7
commit 871e10fc95

View File

@ -222,8 +222,10 @@ int virNetDevOpenvswitchGetMigrateData(char **migrate, const char *ifname)
goto cleanup;
}
/* Wipeout the newline */
(*migrate)[strlen(*migrate) - 1] = '\0';
/* Wipeout the newline, if it exists */
if (strlen(*migrate) > 0)
(*migrate)[strlen(*migrate) - 1] = '\0';
ret = 0;
cleanup:
virCommandFree(cmd);