From: Daniel P. Berrange
Date: Tue, 17 May 2011 08:54:22 +0000 (-0400)
Subject: Fix QEMU migration cookie crash for guests with no graphics
X-Git-Tag: CVE-2011-2178~128
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03f8832684fce3baa648a1f739e4ddf1b58aad84;p=thirdparty%2Flibvirt.git
Fix QEMU migration cookie crash for guests with no graphics
When generating a cookie for a guest with no data, the QEMU_MIGRATION_COOKIE_GRAPHICS flag was set even if no graphics data was added. Avoid setting the flag unless it was needed, also add a safety check for mig->graphics being non-NULL
* src/qemu/qemu_migration.c: Avoid cookie crash for guest with no graphics
---
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index fcf8f9c85e..4d7bc38c4c 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -252,11 +252,12 @@ qemuMigrationCookieAddGraphics(qemuMigrationCookiePtr mig,
 if (dom->def->ngraphics == 1 &&
 (dom->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC ||
- dom->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE) &&
- !(mig->graphics = qemuMigrationCookieGraphicsAlloc(driver, dom->def->graphics[0])))
- return -1;
-
- mig->flags |= QEMU_MIGRATION_COOKIE_GRAPHICS;
+ dom->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE)) {
+ if (!(mig->graphics =
+ qemuMigrationCookieGraphicsAlloc(driver, dom->def->graphics[0])))
+ return -1;
+ mig->flags |= QEMU_MIGRATION_COOKIE_GRAPHICS;
+ }
 return 0;
 }
@@ -295,7 +296,8 @@ static void qemuMigrationCookieXMLFormat(virBufferPtr buf,
 virBufferEscapeString(buf, " %s\n", mig->hostname);
 virBufferAsprintf(buf, " %s\n", hostuuidstr);
- if (mig->flags & QEMU_MIGRATION_COOKIE_GRAPHICS)
+ if ((mig->flags & QEMU_MIGRATION_COOKIE_GRAPHICS) &&
+ mig->graphics)
 qemuMigrationCookieGraphicsXMLFormat(buf, mig->graphics);
 virBufferAddLit(buf, "\n");
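Review bot: The new `if` block in qemuMigrationCookieAddGraphics sets QEMU_MIGRATION_COOKIE_GRAPHICS only after `mig->graphics` has been allocated, but that invariant is not written down anywhere in the visible lines. A guest with more than one graphics device, or with a single device that is neither VNC nor SPICE, now falls through to `return 0` with no graphics data and no flag, and a reader cannot tell whether that is intended. I would add a comment above the condition, for example `/* Only a single VNC/SPICE device is carried in the cookie; the GRAPHICS flag is set only once mig->graphics is non-NULL. */`. The function begins before this hunk, so any earlier checks are not visible here.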
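Review bot: The added `mig->graphics` test in qemuMigrationCookieXMLFormat prevents the NULL dereference, but it also silently hides an inconsistent cookie in which the flag is set and the pointer is NULL. Because the function is `static void` and cannot report an error, a later regression of the kind fixed in the first hunk would produce a cookie without its graphics element and leave no trace. A comment on the condition would mark the check as defensive, for example `/* flag without data is a caller bug; skip instead of dereferencing NULL */`, and a debug-level log in that case would make the state diagnosable. Other code that tests the same flag and then reads `mig->graphics` is outside this hunk and presumably needs the same guard; that is worth confirming.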