From: Daniel P. Berrange <berrange@redhat.com>
Date: Wed, 18 May 2011 13:52:26 +0000 (-0400)
Subject: Blank out the 'listenAddr' parameter if empty string
X-Git-Tag: CVE-2011-2178~130
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4bfe396e1409d79fedba18339790e6031bfd5612;p=thirdparty%2Flibvirt.git

Blank out the 'listenAddr' parameter if empty string

Some bogus apps are generating a VNC/SPICE/RFB listen attribute
with no content. This then causes a failure with the graphics
migration cookie parsing. Blank out the 'listenAddr' parameter
after parsing domain XML if it is the empty string, so the host
default takes over

* src/qemu/qemu_migration.c: Blank out listenAddr parameter
  if empty
---

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3298c80e57..6129bbc6b4 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3904,6 +3904,10 @@ virDomainGraphicsDefParseXML(xmlNodePtr node, int flags) {
         def->data.vnc.socket = virXMLPropString(node, "socket");
         def->data.vnc.keymap = virXMLPropString(node, "keymap");
 
+        if (def->data.vnc.listenAddr &&
+            !def->data.vnc.listenAddr[0])
+            VIR_FREE(def->data.vnc.listenAddr);
+
         if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth) < 0)
             goto error;
     } else if (def->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL) {
@@ -3968,6 +3972,10 @@ virDomainGraphicsDefParseXML(xmlNodePtr node, int flags) {
         }
 
         def->data.rdp.listenAddr = virXMLPropString(node, "listen");
+
+        if (def->data.rdp.listenAddr &&
+            !def->data.rdp.listenAddr[0])
+            VIR_FREE(def->data.rdp.listenAddr);
     } else if (def->type == VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP) {
         char *fullscreen = virXMLPropString(node, "fullscreen");
 
@@ -4031,6 +4039,11 @@ virDomainGraphicsDefParseXML(xmlNodePtr node, int flags) {
 
         def->data.spice.listenAddr = virXMLPropString(node, "listen");
         def->data.spice.keymap = virXMLPropString(node, "keymap");
+
+        if (def->data.spice.listenAddr &&
+            !def->data.spice.listenAddr[0])
+            VIR_FREE(def->data.spice.listenAddr);
+
         if (virDomainGraphicsAuthDefParseXML(node, &def->data.spice.auth) < 0)
             goto error;