From: John Ferlan Date: Fri, 12 Sep 2014 12:40:07 +0000 (-0400) Subject: daemon: Resolve Coverity FORWARD_NULL X-Git-Tag: CVE-2014-3633~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f967758664e33d332bcd8449801e78d73d769e9;p=thirdparty%2Flibvirt.git daemon: Resolve Coverity FORWARD_NULL Coverity complains that the comparison: if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro)) could mean 'sock_path' is NULL. Later in virNetSocketNewListenUNIX there's a direct dereference of path in the error path: if (path[0] != '@') A bit of sleuthing proves that upon entry to daemonSetupNetworking there is no way for 'sock_path' to be NULL since daemonUnixSocketPaths will set up 'sock_file' (although it may not set up 'sock_file_ro') in all 3 paths. Adjusted code to add ATTRIBUTE_NONNULL(3) on incoming path parameter and then fixup the comparison of nfds to be a comparison against 2 or 1 depending on whether sock_path_ro is NULL or not. --- diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 9ad8ff5471..329d8d492b 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -442,12 +442,13 @@ static void daemonInitialize(void) } -static int daemonSetupNetworking(virNetServerPtr srv, - struct daemonConfig *config, - const char *sock_path, - const char *sock_path_ro, - bool ipsock, - bool privileged) +static int ATTRIBUTE_NONNULL(3) +daemonSetupNetworking(virNetServerPtr srv, + struct daemonConfig *config, + const char *sock_path, + const char *sock_path_ro, + bool ipsock, + bool privileged) { virNetServerServicePtr svc = NULL; virNetServerServicePtr svcRO = NULL; @@ -467,7 +468,7 @@ static int daemonSetupNetworking(virNetServerPtr srv, return -1; } - if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro)) { + if (nfds > (sock_path_ro ? 2 : 1)) { VIR_ERROR(_("Too many (%u) FDs passed from caller"), nfds); return -1; }