From: Eric Blake <eblake@redhat.com>
Date: Thu, 15 Nov 2012 23:38:13 +0000 (-0700)
Subject: snapshot: require user to supply external memory file name
X-Git-Tag: CVE-2012-3411~114
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=516c12237b489a3660663f9957289a245cdf16a7;p=thirdparty%2Flibvirt.git

snapshot: require user to supply external memory file name

For disk snapshots, the user could request an external snapshot
but not supply a filename; later on, we would check this condition
and generate a suitable name if possible, or gracefully error out
when not possible (such as when the original file was a block
device).  But unless we come up with a suitable way to generate
external memory file names, we have no later code point that was
checking for NULL, so we should forbid this up front.

* src/conf/snapshot_conf.c (virDomainSnapshotDefParseString):
Avoid NULL deref, since we don't generate names yet.
---

diff --git a/src/conf/snapshot_conf.c b/src/conf/snapshot_conf.c
index aa2b5268b4..bff0455831 100644
--- a/src/conf/snapshot_conf.c
+++ b/src/conf/snapshot_conf.c
@@ -293,6 +293,12 @@ virDomainSnapshotDefParseString(const char *xmlStr,
                            memoryFile);
             goto cleanup;
         }
+        if (!memoryFile &&
+            def->memory == VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL) {
+            virReportError(VIR_ERR_XML_ERROR, "%s",
+                           _("external memory snapshots require a filename"));
+            goto cleanup;
+        }
     } else if (memoryFile) {
         def->memory = VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL;
     } else if (flags & VIR_DOMAIN_SNAPSHOT_PARSE_REDEFINE) {