From: Daniel P. Berrange Date: Tue, 5 Dec 2017 16:39:05 +0000 (+0000) Subject: nwfilter: don't crash listing filters in unprivileged daemon X-Git-Tag: v4.0.0-rc1~174 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7993554f70fd8d512dfde484490bcd1601b60b33;p=thirdparty%2Flibvirt.git nwfilter: don't crash listing filters in unprivileged daemon The unprivileged libvirtd does not support nwfilter config, by leaves the driver active. It is supposed to result in all APIs being an effective no-op, but several APIs rely on driver->nwfilters being non-NULL, or they will reference a NULL pointer. Rather than adding checks for NULL in many places, just make sure driver->nwfilters is always initialized. Reviewed-by: John Ferlan Signed-off-by: Daniel P. Berrange --- diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 2f9a51c405..885dbcc282 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -189,6 +189,8 @@ nwfilterStateInitialize(bool privileged, /* remember that we are going to use firewalld */ driver->watchingFirewallD = (sysbus != NULL); driver->privileged = privileged; + if (!(driver->nwfilters = virNWFilterObjListNew())) + goto error; if (!privileged) return 0; @@ -244,9 +246,6 @@ nwfilterStateInitialize(bool privileged, goto error; } - if (!(driver->nwfilters = virNWFilterObjListNew())) - goto error; - if (virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir) < 0) goto error; @@ -271,6 +270,7 @@ nwfilterStateInitialize(bool privileged, virNWFilterIPAddrMapShutdown(); err_free_driverstate: + virNWFilterObjListFree(driver->nwfilters); VIR_FREE(driver); return -1; @@ -349,13 +349,13 @@ nwfilterStateCleanup(void) nwfilterDriverRemoveDBusMatches(); - /* free inactive nwfilters */ - virNWFilterObjListFree(driver->nwfilters); - VIR_FREE(driver->configDir); nwfilterDriverUnlock(); } + /* free inactive nwfilters */ + virNWFilterObjListFree(driver->nwfilters); + virMutexDestroy(&driver->lock); VIR_FREE(driver);