conf: prevent crash with no uuid in cephx auth secret

Fix the null pointer access when UUID is not specified.
Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates
if uuid was specified or not and use it instead of the pointless
comparison of the static UUID array to NULL.
Add an error message if both uuid and usage are specified.

Fixes:
Error: FORWARD_NULL (CWE-476):
libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing
    null pointer "uuid" to function "virUUIDParse(char const *, unsigned
    char *)", which dereferences it. (The dereference is assumed on the
    basis of the 'nonnull' parameter attribute.)
Error: NO_EFFECT (CWE-398):
    libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an
    array to null is not useful: "src->auth.cephx.secret.uuid != NULL".
This commit is contained in:
Ján Tomko 2012-12-03 13:35:05 +01:00 committed by Peter Krempa
parent 05858b27d4
commit bc680e1381
3 changed files with 18 additions and 9 deletions

View File

@ -458,11 +458,21 @@ virStoragePoolDefParseAuthCephx(xmlXPathContextPtr ctxt,
return -1;
}
if (uuid != NULL) {
if (auth->secret.usage != NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("either auth secret uuid or usage expected"));
return -1;
}
if (virUUIDParse(uuid, auth->secret.uuid) < 0) {
virReportError(VIR_ERR_XML_ERROR,
"%s", _("invalid auth secret uuid"));
return -1;
}
auth->secret.uuidUsable = true;
} else {
auth->secret.uuidUsable = false;
}
return 0;
}
@ -979,7 +989,7 @@ virStoragePoolSourceFormat(virBufferPtr buf,
src->auth.cephx.username);
virBufferAsprintf(buf," %s", "<secret");
if (src->auth.cephx.secret.uuid != NULL) {
if (src->auth.cephx.secret.uuidUsable) {
virUUIDFormat(src->auth.cephx.secret.uuid, uuid);
virBufferAsprintf(buf," uuid='%s'", uuid);
}

View File

@ -169,6 +169,7 @@ struct _virStoragePoolAuthCephx {
struct {
unsigned char uuid[VIR_UUID_BUFLEN];
char *usage;
bool uuidUsable;
} secret;
};

View File

@ -70,13 +70,11 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr *ptr,
goto cleanup;
}
if (pool->def->source.auth.cephx.secret.uuid != NULL) {
if (pool->def->source.auth.cephx.secret.uuidUsable) {
virUUIDFormat(pool->def->source.auth.cephx.secret.uuid, secretUuid);
VIR_DEBUG("Looking up secret by UUID: %s", secretUuid);
secret = virSecretLookupByUUIDString(conn, secretUuid);
}
if (pool->def->source.auth.cephx.secret.usage != NULL) {
} else if (pool->def->source.auth.cephx.secret.usage != NULL) {
VIR_DEBUG("Looking up secret by usage: %s",
pool->def->source.auth.cephx.secret.usage);
secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_CEPH,