Re: [libvirt] [PATCH] security_selinux: Fix crash in virSecuritySELinuxRestoreFileLabel

2016-01-21 Thread Jiri Denemark 
On Thu, Jan 21, 2016 at 18:31:58 +0800, Shanzhi Yu wrote:
> when failed to boot a guest, virSecuritySELinuxRestoreFileLabel
> will be called eventually to reset security label, which will
> lead a crash if pass null to virFileResolveLink(path, ).
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1300532
> Signed-off-by: Shanzhi Yu 
> ---
>  src/security/security_selinux.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index 9e98635..c8a7553 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -1026,7 +1026,7 @@ 
> virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
>  
>  VIR_INFO("Restoring SELinux context on '%s'", path);

Here you use path without checking it's non-NULL.

>  
> -if (virFileResolveLink(path, ) < 0) {
> +if (path && virFileResolveLink(path, ) < 0) {
>  VIR_WARN("cannot resolve symlink %s: %s", path,
>   virStrerror(errno, ebuf, sizeof(ebuf)));
>  goto err;

Anyway, the bug is somewhere else. virSecuritySELinuxRestoreFileLabel
should never be called with NULL path.

Jirka

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH] security_selinux: Fix crash in virSecuritySELinuxRestoreFileLabel

2016-01-21 Thread Shanzhi Yu 
when failed to boot a guest, virSecuritySELinuxRestoreFileLabel
will be called eventually to reset security label, which will
lead a crash if pass null to virFileResolveLink(path, ).

https://bugzilla.redhat.com/show_bug.cgi?id=1300532
Signed-off-by: Shanzhi Yu 
---
 src/security/security_selinux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 9e98635..c8a7553 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1026,7 +1026,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr 
mgr,
 
 VIR_INFO("Restoring SELinux context on '%s'", path);
 
-if (virFileResolveLink(path, ) < 0) {
+if (path && virFileResolveLink(path, ) < 0) {
 VIR_WARN("cannot resolve symlink %s: %s", path,
  virStrerror(errno, ebuf, sizeof(ebuf)));
 goto err;
-- 
1.8.3.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list