]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 924a6c7)
conf: check the return value of virXPathNodeSet
authorJán Tomko <jtomko@redhat.com>
Wed, 28 Nov 2012 13:34:50 +0000 (14:34 +0100)
committerOsier Yang <jyang@redhat.com>
Wed, 28 Nov 2012 16:00:39 +0000 (00:00 +0800)
In a few places, the return value could get passed to VIR_ALLOC_N without
being checked, resulting in a request to allocate a lot of memory if the
return value was negative.

src/conf/domain_conf.c patch | blob | blame | history
src/conf/storage_conf.c patch | blob | blame | history

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 2ca608f8d83192ccc089db0a3ac8ec9e5fd8e6cd..814859ab2594bc45f77309df229978f945a227f6 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3258,7 +3258,9 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def,
     saved_node = ctxt->node;
 
     /* Allocate a security labels based on XML */
-    if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) == 0)
+    if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) < 0)
+        goto error;
+    if (n == 0)
         return 0;
 
     if (VIR_ALLOC_N(def->seclabels, n) < 0) {
@@ -3345,7 +3347,9 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr **seclabels_rtn,
     virSecurityLabelDefPtr vmDef = NULL;
     char *model, *relabel, *label;
 
-    if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) == 0)
+    if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) < 0)
+        goto error;
+    if (n == 0)
         return 0;
 
     if (VIR_ALLOC_N(seclabels, n) < 0) {
diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c
index 1c9934c4ea9696c77ea3e8c1dea0ba137cb6258f..3fdc5b639c483e49581035c82574c83622c77547 100644 (file)
--- a/src/conf/storage_conf.c
+++ b/src/conf/storage_conf.c
@@ -479,6 +479,7 @@ virStoragePoolDefParseSource(xmlXPathContextPtr ctxt,
     virStoragePoolOptionsPtr options;
     char *name = NULL;
     char *port = NULL;
+    int n;
 
     relnode = ctxt->node;
     ctxt->node = node;
@@ -510,7 +511,9 @@ virStoragePoolDefParseSource(xmlXPathContextPtr ctxt,
         VIR_FREE(format);
     }
 
-    source->nhost = virXPathNodeSet("./host", ctxt, &nodeset);
+    if ((n = virXPathNodeSet("./host", ctxt, &nodeset)) < 0)
+        goto cleanup;
+    source->nhost = n;
 
     if (source->nhost) {
         if (VIR_ALLOC_N(source->hosts, source->nhost) < 0) {
Mirror of https://github.com/libvirt/libvirt.git