virt-aa-helper: Check retval of vah_add_file()

Inside of get_files() there are two cases where vah_add_file() is
not checked for its retval. This is possibly dangerous, because
vah_add_file() might fail. Fix those places by introducing checks
for the retval.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 2ea4b47fa5ec61ef8cd5c23696a57626ec7d8f0f..7748a0d19b18a069b2a7490c2a650d9406dfb865 100644 (file)
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1022,15 +1022,17 @@ get_files(vahControl * ctl)
         const char *rendernode = virDomainGraphicsGetRenderNode(graphics);
 
         if (rendernode) {
-            vah_add_file(&buf, rendernode, "rw");
+            if (vah_add_file(&buf, rendernode, "rw") != 0)
+                goto cleanup;
             needsgl = true;
         } else {
             if (virDomainGraphicsNeedsAutoRenderNode(graphics)) {
                 g_autofree char *defaultRenderNode = virHostGetDRMRenderNode();
                 needsgl = true;
 
-                if (defaultRenderNode) {
-                    vah_add_file(&buf, defaultRenderNode, "rw");
+                if (defaultRenderNode &&
+                    vah_add_file(&buf, defaultRenderNode, "rw") != 0) {
+                    goto cleanup;
                 }
             }
         }