From: Laine Stump Date: Mon, 1 Jul 2013 03:52:43 +0000 (-0400) Subject: pci: initialize virtual_functions array pointer to avoid segfault X-Git-Tag: CVE-2013-2218~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c2525ab6a6f0ad5d75a6c60711e2e28cb1cebe9;p=thirdparty%2Flibvirt.git pci: initialize virtual_functions array pointer to avoid segfault This fixes https://bugzilla.redhat.com/show_bug.cgi?id=971325 The problem was that if virPCIGetVirtualFunctions was given the name of a non-existent interface, it would return to its caller without initializing the pointer to the array of virtual functions to NULL, and the caller (virNetDevGetVirtualFunctions) would try to VIR_FREE() the invalid pointer. The final error message before the crash would be: virPCIGetVirtualFunctions:2088 : Failed to open dir '/sys/class/net/eth2/device': No such file or directory In this patch I move the initialization in virPCIGetVirtualFunctions() to the beginning of the function, and also do an explicit initialization in virNetDevGetVirtualFunctions, just in case someone in the future adds code into that function prior to the call to virPCIGetVirtualFunctions. --- diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index ebe20d09fb..5e8dffb204 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1100,6 +1100,9 @@ virNetDevGetVirtualFunctions(const char *pfname, char *pci_sysfs_device_link = NULL; char *pciConfigAddr = NULL; + *virt_fns = NULL; + *n_vfname = 0; + if (virNetDevSysfsFile(&pf_sysfs_device_link, pfname, "device") < 0) return ret; diff --git a/src/util/virpci.c b/src/util/virpci.c index 7d83bdb3c4..54f771531d 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c 
@@ -2425,6 +2425,9 @@ virPCIGetVirtualFunctions(const char *sysfs_path, VIR_DEBUG("Attempting to get SR IOV virtual functions for device" "with sysfs path '%s'", sysfs_path); + *virtual_functions = NULL; + *num_virtual_functions = 0; + dir = opendir(sysfs_path); if (dir == NULL) { memset(errbuf, '\0', sizeof(errbuf)); @@ -2434,8 +2437,6 @@ virPCIGetVirtualFunctions(const char *sysfs_path, return ret; } - *virtual_functions = NULL; - *num_virtual_functions = 0; while ((entry = readdir(dir))) { if (STRPREFIX(entry->d_name, "virtfn")) { virPCIDeviceAddress *config_addr = NULL;
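
Review bot: In the virnetdev.c hunk, the new assignments `*virt_fns = NULL;` and `*n_vfname = 0;` have no comment explaining why they must stay ahead of the first call that can fail. The commit message says they guard against code later being added before the call to virPCIGetVirtualFunctions, so a one-line comment above them stating that both outputs must be defined on every early `return ret;` (including the one right after virNetDevSysfsFile) would keep a future cleanup from dropping them as redundant with the callee's initialization.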
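
Review bot: In the first virpci.c hunk, `*virtual_functions = NULL;` and `*num_virtual_functions = 0;` now dereference both out-parameters before anything else the function does, and the visible lines check neither pointer. If the prototype does not already mark them non-null, add that annotation or an explicit check so the crash is not simply moved to function entry. The function's doc comment should also state that both outputs are NULL and 0 on failure, since the caller frees the array on its error path. Separately, the adjacent VIR_DEBUG string joins "for device" and "with sysfs path" without a space, so the logged message reads "devicewith".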