From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 20 Nov 2014 12:09:16 +0000 (+0100)
Subject: qemu: Fix crash in tunnelled migration
X-Git-Tag: CVE-2014-8135~115
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=v1.2.10-144-g52691f9;p=thirdparty%2Flibvirt.git

qemu: Fix crash in tunnelled migration

Any attempt to start a tunnelled migration with libvirtd that supports
RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes
libvirtd on the destination host.

The crash is inevitable because qemuMigrationPrepareAny is always called
with NULL protocol in case of tunnelled migration.

https://bugzilla.redhat.com/show_bug.cgi?id=1147331
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 100600e2d6..89313dff1a 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -2707,7 +2707,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
                                        QEMU_MIGRATION_COOKIE_NBD)))
         goto cleanup;
 
-    if (STREQ(protocol, "rdma") && !vm->def->mem.hard_limit) {
+    if (STREQ_NULLABLE(protocol, "rdma") && !vm->def->mem.hard_limit) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("cannot start RDMA migration with no memory hard "
                          "limit set"));