From 34e5791332850657b6e9e7f92190c08d458a9c37 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A1n=20Tomko?= Date: Wed, 28 Nov 2012 14:34:50 +0100 Subject: [PATCH] conf: check the return value of virXPathNodeSet In a few places, the return value could get passed to VIR_ALLOC_N without being checked, resulting in a request to allocate a lot of memory if the return value was negative. --- src/conf/domain_conf.c | 8 ++++++-- src/conf/storage_conf.c | 5 ++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 2ca608f8d8..814859ab25 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3258,7 +3258,9 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def, saved_node = ctxt->node; /* Allocate a security labels based on XML */ - if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) == 0) + if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) < 0) + goto error; + if (n == 0) return 0; if (VIR_ALLOC_N(def->seclabels, n) < 0) { @@ -3345,7 +3347,9 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr **seclabels_rtn, virSecurityLabelDefPtr vmDef = NULL; char *model, *relabel, *label; - if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) == 0) + if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) < 0) + goto error; + if (n == 0) return 0; if (VIR_ALLOC_N(seclabels, n) < 0) { diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c index 1c9934c4ea..3fdc5b639c 100644 --- a/src/conf/storage_conf.c +++ b/src/conf/storage_conf.c @@ -479,6 +479,7 @@ virStoragePoolDefParseSource(xmlXPathContextPtr ctxt, virStoragePoolOptionsPtr options; char *name = NULL; char *port = NULL; + int n; relnode = ctxt->node; ctxt->node = node; @@ -510,7 +511,9 @@ virStoragePoolDefParseSource(xmlXPathContextPtr ctxt, VIR_FREE(format); } - source->nhost = virXPathNodeSet("./host", ctxt, &nodeset); + if ((n = virXPathNodeSet("./host", ctxt, &nodeset)) < 0) + goto cleanup; + source->nhost = n; if (source->nhost) { if (VIR_ALLOC_N(source->hosts, source->nhost) < 0) { -- 2.47.2