From d8bd0cff27c0572e9305e7fdbc6b843f74d9e30f Mon Sep 17 00:00:00 2001 From: Daniel P. Berrange Date: Mon, 29 Jun 2009 10:41:56 +0000 Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data (cherry picked from commit 39c7e7a6b79bbdfa36928a430d56fa88a204e8fd) Fedora-patch: libvirt-0.6.2-fix-libvirtd-crash-with-bad-capabilities-data.patch --- src/qemu_driver.c | 80 +++++++++++++++++++++++++++++++++++----------------- 1 files changed, 54 insertions(+), 26 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index cb738b2..3d3675c 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -360,12 +360,43 @@ next: return 0; } + +static int +qemudSecurityCapsInit(virSecurityDriverPtr secdrv, + virCapsPtr caps) +{ + const char *doi, *model; + + doi = virSecurityDriverGetDOI(secdrv); + model = virSecurityDriverGetModel(secdrv); + + caps->host.secModel.model = strdup(model); + if (!caps->host.secModel.model) { + char ebuf[1024]; + VIR_ERROR(_("Failed to copy secModel model: %s"), + virStrerror(errno, ebuf, sizeof ebuf)); + return -1; + } + + caps->host.secModel.doi = strdup(doi); + if (!caps->host.secModel.doi) { + char ebuf[1024]; + VIR_ERROR(_("Failed to copy secModel DOI: %s"), + virStrerror(errno, ebuf, sizeof ebuf)); + return -1; + } + + VIR_DEBUG("Initialized caps for security driver \"%s\" with " + "DOI \"%s\"", model, doi); + + return 0; +} + + static int qemudSecurityInit(struct qemud_driver *qemud_drv) { int ret; - const char *doi, *model; - virCapsPtr caps; virSecurityDriverPtr security_drv; ret = virSecurityDriverStartup(&security_drv, @@ -381,36 +412,17 @@ qemudSecurityInit(struct qemud_driver *qemud_drv) } qemud_drv->securityDriver = security_drv; - doi = virSecurityDriverGetDOI(security_drv); - model = virSecurityDriverGetModel(security_drv); - VIR_DEBUG("Initialized security driver \"%s\" with " - "DOI \"%s\"", model, doi); + VIR_INFO("Initialized security driver %s", security_drv->name); /* * Add security policy host caps now that the security driver is * initialized. */ - caps = qemud_drv->caps; - - caps->host.secModel.model = strdup(model); - if (!caps->host.secModel.model) { - char ebuf[1024]; - VIR_ERROR(_("Failed to copy secModel model: %s"), - virStrerror(errno, ebuf, sizeof ebuf)); - return -1; - } + return qemudSecurityCapsInit(security_drv, qemud_drv->caps); +} - caps->host.secModel.doi = strdup(doi); - if (!caps->host.secModel.doi) { - char ebuf[1024]; - VIR_ERROR(_("Failed to copy secModel DOI: %s"), - virStrerror(errno, ebuf, sizeof ebuf)); - return -1; - } - return 0; -} /** * qemudStartup: @@ -1852,13 +1864,29 @@ static int qemudGetNodeInfo(virConnectPtr conn, static char *qemudGetCapabilities(virConnectPtr conn) { struct qemud_driver *driver = conn->privateData; + virCapsPtr caps; char *xml = NULL; qemuDriverLock(driver); + if ((caps = qemudCapsInit()) == NULL) { + virReportOOMError(conn); + goto cleanup; + } + + if (qemu_driver->securityDriver && + qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) { + virCapabilitiesFree(caps); + virReportOOMError(conn); + goto cleanup; + } + virCapabilitiesFree(qemu_driver->caps); - if ((qemu_driver->caps = qemudCapsInit()) == NULL || - (xml = virCapabilitiesFormatXML(driver->caps)) == NULL) + qemu_driver->caps = caps; + + if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL) virReportOOMError(conn); + +cleanup: qemuDriverUnlock(driver); return xml; -- 1.6.2.5