mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-10 14:57:42 +00:00
conf: prevent crash with no uuid in cephx auth secret
Fix the null pointer access when UUID is not specified. Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates if uuid was specified or not and use it instead of the pointless comparison of the static UUID array to NULL. Add an error message if both uuid and usage are specified. Fixes: Error: FORWARD_NULL (CWE-476): libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing null pointer "uuid" to function "virUUIDParse(char const *, unsigned char *)", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NO_EFFECT (CWE-398): libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an array to null is not useful: "src->auth.cephx.secret.uuid != NULL".
This commit is contained in:
parent
05858b27d4
commit
bc680e1381
@ -458,10 +458,20 @@ virStoragePoolDefParseAuthCephx(xmlXPathContextPtr ctxt,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (virUUIDParse(uuid, auth->secret.uuid) < 0) {
|
if (uuid != NULL) {
|
||||||
virReportError(VIR_ERR_XML_ERROR,
|
if (auth->secret.usage != NULL) {
|
||||||
"%s", _("invalid auth secret uuid"));
|
virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
return -1;
|
_("either auth secret uuid or usage expected"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (virUUIDParse(uuid, auth->secret.uuid) < 0) {
|
||||||
|
virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
"%s", _("invalid auth secret uuid"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
auth->secret.uuidUsable = true;
|
||||||
|
} else {
|
||||||
|
auth->secret.uuidUsable = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -979,7 +989,7 @@ virStoragePoolSourceFormat(virBufferPtr buf,
|
|||||||
src->auth.cephx.username);
|
src->auth.cephx.username);
|
||||||
|
|
||||||
virBufferAsprintf(buf," %s", "<secret");
|
virBufferAsprintf(buf," %s", "<secret");
|
||||||
if (src->auth.cephx.secret.uuid != NULL) {
|
if (src->auth.cephx.secret.uuidUsable) {
|
||||||
virUUIDFormat(src->auth.cephx.secret.uuid, uuid);
|
virUUIDFormat(src->auth.cephx.secret.uuid, uuid);
|
||||||
virBufferAsprintf(buf," uuid='%s'", uuid);
|
virBufferAsprintf(buf," uuid='%s'", uuid);
|
||||||
}
|
}
|
||||||
|
@ -169,6 +169,7 @@ struct _virStoragePoolAuthCephx {
|
|||||||
struct {
|
struct {
|
||||||
unsigned char uuid[VIR_UUID_BUFLEN];
|
unsigned char uuid[VIR_UUID_BUFLEN];
|
||||||
char *usage;
|
char *usage;
|
||||||
|
bool uuidUsable;
|
||||||
} secret;
|
} secret;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -70,13 +70,11 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr *ptr,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pool->def->source.auth.cephx.secret.uuid != NULL) {
|
if (pool->def->source.auth.cephx.secret.uuidUsable) {
|
||||||
virUUIDFormat(pool->def->source.auth.cephx.secret.uuid, secretUuid);
|
virUUIDFormat(pool->def->source.auth.cephx.secret.uuid, secretUuid);
|
||||||
VIR_DEBUG("Looking up secret by UUID: %s", secretUuid);
|
VIR_DEBUG("Looking up secret by UUID: %s", secretUuid);
|
||||||
secret = virSecretLookupByUUIDString(conn, secretUuid);
|
secret = virSecretLookupByUUIDString(conn, secretUuid);
|
||||||
}
|
} else if (pool->def->source.auth.cephx.secret.usage != NULL) {
|
||||||
|
|
||||||
if (pool->def->source.auth.cephx.secret.usage != NULL) {
|
|
||||||
VIR_DEBUG("Looking up secret by usage: %s",
|
VIR_DEBUG("Looking up secret by usage: %s",
|
||||||
pool->def->source.auth.cephx.secret.usage);
|
pool->def->source.auth.cephx.secret.usage);
|
||||||
secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_CEPH,
|
secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_CEPH,
|
||||||
|
Loading…
Reference in New Issue
Block a user