[libvirt] [PATCH v2 4/6] Address side effects of accessing vars via index

Stefan Berger Tue, 10 Jan 2012 13:10:41 -0800

Address side effect of accessing a variable via an index: Filters
accessing a variable where an element is accessed that is beyond the
size of the list (for example $TEST[10] and only 2 elements are available)
cannot instantiate that filter. Test for this and report proper error
to user.


---
 src/conf/nwfilter_params.c             |   29 +++++++++++++++++++++++++++++
 src/conf/nwfilter_params.h             |    3 ++-
 src/libvirt_private.syms               |    2 ++
 src/nwfilter/nwfilter_gentech_driver.c |   23 ++++++++++++++++++-----
 4 files changed, 51 insertions(+), 6 deletions(-)

Index: libvirt-iterator/src/conf/nwfilter_params.h
===================================================================
--- libvirt-iterator.orig/src/conf/nwfilter_params.h
+++ libvirt-iterator/src/conf/nwfilter_params.h
@@ -125,7 +125,8 @@ enum virNWFilterVarAccessType virNWFilte
                                            const virNWFilterVarAccessPtr vap);
 unsigned int virNWFilterVarAccessGetIterId(const virNWFilterVarAccessPtr vap);
 unsigned int virNWFilterVarAccessGetIndex(const virNWFilterVarAccessPtr vap);
-
+bool virNWFilterVarAccessIsAvailable(const virNWFilterVarAccessPtr vap,
+                                     const virNWFilterHashTablePtr hash);
 
 typedef struct _virNWFilterVarCombIterEntry virNWFilterVarCombIterEntry;
 typedef virNWFilterVarCombIterEntry *virNWFilterVarCombIterEntryPtr;
Index: libvirt-iterator/src/nwfilter/nwfilter_gentech_driver.c
===================================================================
--- libvirt-iterator.orig/src/nwfilter/nwfilter_gentech_driver.c
+++ libvirt-iterator/src/nwfilter/nwfilter_gentech_driver.c
@@ -501,16 +501,29 @@ virNWFilterDetermineMissingVarsRec(virNW
         if (rule) {
             /* check all variables of this rule */
             for (j = 0; j < rule->nVarAccess; j++) {
-                const char *varName;
-                varName = virNWFilterVarAccessGetVarName(rule->varAccess[j]);
-                if (!virHashLookup(vars->hashTable, varName)) {
+                if (!virNWFilterVarAccessIsAvailable(rule->varAccess[j],
+                                                     vars)) {
+                    const char *varAccess;
+                    virBuffer buf = VIR_BUFFER_INITIALIZER;
+
+                    virNWFilterVarAccessPrint(rule->varAccess[j], &buf);
+                    if (virBufferError(&buf)) {
+                        virReportOOMError();
+                        rc = -1;
+                        break;
+                    }
+
                     val = virNWFilterVarValueCreateSimpleCopyValue("1");
                     if (!val) {
+                        virBufferFreeAndReset(&buf);
                         rc = -1;
                         break;
                     }
-                    virNWFilterHashTablePut(missing_vars, varName,
+
+                    varAccess = virBufferContentAndReset(&buf);
+                    virNWFilterHashTablePut(missing_vars, varAccess,
                                             val, 1);
+                    VIR_FREE(varAccess);
                 }
             }
             if (rc)
@@ -752,7 +765,7 @@ err_unresolvable_vars:
     if (buf) {
         virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
                    _("Cannot instantiate filter due to unresolvable "
-                     "variables: %s"), buf);
+                     "variables or unavailable list elements: %s"), buf);
         VIR_FREE(buf);
     }
 
Index: libvirt-iterator/src/conf/nwfilter_params.c
===================================================================
--- libvirt-iterator.orig/src/conf/nwfilter_params.c
+++ libvirt-iterator/src/conf/nwfilter_params.c
@@ -1072,3 +1072,32 @@ virNWFilterVarAccessGetIntIterId(const v
 {
     return vap->u.index.intIterId;
 }
+
+bool
+virNWFilterVarAccessIsAvailable(const virNWFilterVarAccessPtr varAccess,
+                                const virNWFilterHashTablePtr hash)
+{
+    const char *varName = virNWFilterVarAccessGetVarName(varAccess);
+    const char *res;
+    unsigned int idx;
+    virNWFilterVarValuePtr varValue;
+
+    varValue = virHashLookup(hash->hashTable, varName);
+    if (!varValue)
+        return false;
+
+    switch (virNWFilterVarAccessGetType(varAccess)) {
+    case VIR_NWFILTER_VAR_ACCESS_ELEMENT:
+        idx = virNWFilterVarAccessGetIndex(varAccess);
+        res = virNWFilterVarValueGetNthValue(varValue, idx);
+        if (res == NULL)
+            return false;
+        break;
+    case VIR_NWFILTER_VAR_ACCESS_ITERATOR:
+        break;
+    case VIR_NWFILTER_VAR_ACCESS_LAST:
+        return false;
+    }
+
+    return true;
+}
Index: libvirt-iterator/src/libvirt_private.syms
===================================================================
--- libvirt-iterator.orig/src/libvirt_private.syms
+++ libvirt-iterator/src/libvirt_private.syms
@@ -833,6 +833,8 @@ virNWFilterHashTablePut;
 virNWFilterHashTablePutAll;
 virNWFilterHashTableRemoveEntry;
 virNWFilterVarAccessGetVarName;
+virNWFilterVarAccessIsAvailable;
+virNWFilterVarAccessPrint;
 virNWFilterVarCombIterCreate;
 virNWFilterVarCombIterFree;
 virNWFilterVarCombIterGetVarValue;

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH v2 4/6] Address side effects of accessing vars via index

Reply via email to