]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 29e702e) | patch
util: Avoid libvirtd crash in virNetDevTapCreate
authorAlex Jia <ajia@redhat.com>
Sat, 28 Apr 2012 11:01:40 +0000 (19:01 +0800)
committerEric Blake <eblake@redhat.com>
Mon, 30 Apr 2012 17:49:01 +0000 (11:49 -0600)
commit5ee18aaa578768893918d67e0dc36fe72b73b736
tree7ba5f7016f138d4511c0b0c9ddc6b5cd3c51e2b7tree
parent29e702e57698699cecb7067deb44d0d078e4172ecommit | diff
util: Avoid libvirtd crash in virNetDevTapCreate

In fact, the 'tapfd' is always NULL, the function 'virNetDevTapCreate()' hasn't
assign 'fd' to 'tapfd', when the function 'virNetDevSetMAC()' is failed then
goto 'error' label, finally, the VIR_FORCE_CLOSE() will deref a NULL 'tapfd'.

* util/virnetdevtap.c (virNetDevTapCreateInBridgePort): fix a NULL pointer derefing.

* How to reproduce?

$ cat > /tmp/net.xml <<EOF
<network>
  <name>test</name>
  <forward mode='nat'/>
  <bridge name='br1' stp='off' delay='1' />
  <mac address='00:00:00:00:00:00'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.100.2' end='192.168.100.254' />
    </dhcp>
  </ip>
</network>
EOF

$ virsh net-define /tmp/net.xml

$ virsh net-start test
error: Failed to start network brTest
error: End of file while reading data: Input/output error

Signed-off-by: Alex Jia <ajia@redhat.com>
src/util/virnetdevtap.c diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git