From: Pavel Hrdina Date: Tue, 18 Oct 2016 06:59:14 +0000 (+0200) Subject: qemu_hotplug: fix crash in hot(un)plugging chardev devices X-Git-Tag: v2.4.0-rc1~84 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08107826644daa0af710c36aa9282f590e0438dc;p=thirdparty%2Flibvirt.git qemu_hotplug: fix crash in hot(un)plugging chardev devices We need to make sure that the chardev is TCP. Without this check we may access different part of union and corrupt pointers. Signed-off-by: Pavel Hrdina
---
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 14af4e11c5..c2ba9357c0 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1729,7 +1729,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 if (qemuDomainChrPreInsert(vmdef, chr) < 0) goto cleanup;
- if (cfg->chardevTLS) {
+ if (dev->type == VIR_DOMAIN_CHR_TYPE_TCP &&
+ cfg->chardevTLS) {
 if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir, dev->data.tcp.listen, cfg->chardevTLSx509verify,
@@ -4398,7 +4399,8 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
 sa_assert(tmpChr->info.alias);
- if (cfg->chardevTLS &&
+ if (tmpChr->source.type == VIR_DOMAIN_CHR_TYPE_TCP &&
+ cfg->chardevTLS &&
 !(objAlias = qemuAliasTLSObjFromChardevAlias(tmpChr->info.alias))) goto cleanup;
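Review bot: The new `dev->type == VIR_DOMAIN_CHR_TYPE_TCP` test in qemuDomainAttachChrDevice is the only thing that keeps `dev->data.tcp.listen` from reading a different union member, yet nothing at the condition records that. I would add a comment directly above it, for example `/* dev->data.tcp is only meaningful for TCP chardevs; check the type before touching the union */`, so a later cleanup does not drop the check as redundant. The same guard is repeated in the qemuDomainDetachChrDevice hunk as `tmpChr->source.type`, and the comment applies there as well. The TLS block runs past the end of this hunk, so any further `data.tcp` accesses inside it could not be checked from here.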
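Review bot: In qemuDomainDetachChrDevice the lookup of the TLS object alias still keys off the live `cfg->chardevTLS` value, not off whether a TLS object was actually created when this device was attached. If that setting can change while the device is plugged in (not visible in this hunk), detach would either leave an existing TLS object behind or try to delete one that was never created. Consider recording per device at attach time that TLS was set up and testing that state here instead of the current config. The function starts and ends outside the hunk, so how `objAlias` is consumed afterwards could not be verified.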