From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 9 Jul 2012 12:37:01 +0000 (+0200)
Subject: storage_backend_fs: Allocate entry for host before accessing it
X-Git-Tag: CVE-2012-3445~200
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48b78519983d403f0c81b9abc37e9de773331aef;p=thirdparty%2Flibvirt.git

storage_backend_fs: Allocate entry for host before accessing it

Commit 122fa379de44a2fd0a6d5fbcb634535d647ada17 introduces option to
store more than one host entry in a storage pool source definition. That
commit causes a regression, where a check is added that only one host
entry should be present (that actualy is not present as the source
structure was just allocated and zeroed) instead of allocating memory
for the host entry.
---

diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
index 5e3da14963..5eb486ef70 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -205,11 +205,11 @@ virStorageBackendFileSystemNetFindPoolSourcesFunc(virStoragePoolObjPtr pool ATTR
     if (!(src = virStoragePoolSourceListNewSource(&state->list)))
         goto cleanup;
 
-    if (src->nhost != 1) {
-        virStorageReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                              _("Expected exactly 1 host for the storage pool"));
+    if (VIR_ALLOC_N(src->hosts, 1) < 0) {
+        virReportOOMError();
         goto cleanup;
     }
+    src->nhost = 1;
 
     if (!(src->hosts[0].name = strdup(state->host)) ||
         !(src->dir = strdup(path))) {