From fdab78b57400905acd6040c8fb91206e2afbd795 Mon Sep 17 00:00:00 2001
From: John Ferlan
Date: Fri, 21 Jul 2017 17:25:57 -0400
Subject: [PATCH] qemu: Fix bug assuming usage of default UUID for certificate passphrase

If an environment specific _tls_x509_cert_dir is provided, then do not VIR_STRDUP the defaultTLSx509secretUUID as that would be for the "default" environment and not the vnc, spice, chardev, or migrate environments. If the environment needs a secret to decode it's certificate, then it must provide the secret. If the secrets happen to be the same, then configuration would use the same UUID as the default (but we cannot assume that nor can we assume that the secret would be necessary).
---
 src/qemu/qemu_conf.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 1a4a998fcb..ab5f7cc591 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -564,14 +564,18 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
 goto cleanup; \
 if (rv == 0) \
 cfg->val## TLSx509verify = cfg->defaultTLSx509verify; \
- if (virConfGetValueString(conf, #val "_tls_x509_cert_dir", \
- &cfg->val## TLSx509certdir) < 0) \
+ if ((rv = virConfGetValueString(conf, #val "_tls_x509_cert_dir", \
+ &cfg->val## TLSx509certdir)) < 0) \
 goto cleanup; \
 if (virConfGetValueString(conf, \
 #val "_tls_x509_secret_uuid", \
 &cfg->val## TLSx509secretUUID) < 0) \
 goto cleanup; \
- if (!cfg->val## TLSx509secretUUID && \
+ /* Only if a *tls_x509_cert_dir wasn't found (e.g. rv == 0), should \
+ * we copy the defaultTLSx509secretUUID. If this environment needs \
+ * a passphrase to decode the certificate, then it should provide \
+ * it's own secretUUID for that. */ \
+ if (rv == 0 && !cfg->val## TLSx509secretUUID && \
 cfg->defaultTLSx509secretUUID) { \
 if (VIR_STRDUP(cfg->val## TLSx509secretUUID, \
 cfg->defaultTLSx509secretUUID) < 0) \
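Review bot: The `rv == 0` test in the new `if` relies on `rv` still holding the result of the `_tls_x509_cert_dir` lookup, yet the `_tls_x509_secret_uuid` lookup sits between the assignment and the test. A later edit that stores that second call's result in `rv` would silently change when `defaultTLSx509secretUUID` is inherited, so the added comment should state the dependency, e.g. `rv must still be the _tls_x509_cert_dir lookup result here`. The same comment should read `(i.e. rv == 0)` rather than `(e.g. rv == 0)`, and `its own secretUUID` rather than `it's own`. The change also means an environment that sets its own cert dir and previously inherited the default secret UUID now gets none, and nothing in this hunk reports that at load time; since the diffstat lists only qemu_conf.c, the user-facing description of the `*_tls_x509_secret_uuid` settings presumably still needs a matching update. The macro body starts and ends outside the hunk.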