From ecca0dded412c84c3c89f9e4f1d6f2c5c57b4174 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Wed, 11 Jun 2025 13:59:49 +0200 Subject: [PATCH] virt-aa-helper: Check retval of vah_add_file() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Inside of get_files() there are two cases where vah_add_file() is not checked for its retval. This is possibly dangerous, because vah_add_file() might fail. Fix those places by introducing checks for the retval. Signed-off-by: Michal Privoznik Reviewed-by: Ján Tomko --- src/security/virt-aa-helper.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 2ea4b47fa5..7748a0d19b 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1022,15 +1022,17 @@ get_files(vahControl * ctl) const char *rendernode = virDomainGraphicsGetRenderNode(graphics); if (rendernode) { - vah_add_file(&buf, rendernode, "rw"); + if (vah_add_file(&buf, rendernode, "rw") != 0) + goto cleanup; needsgl = true; } else { if (virDomainGraphicsNeedsAutoRenderNode(graphics)) { g_autofree char *defaultRenderNode = virHostGetDRMRenderNode(); needsgl = true; - if (defaultRenderNode) { - vah_add_file(&buf, defaultRenderNode, "rw"); + if (defaultRenderNode && + vah_add_file(&buf, defaultRenderNode, "rw") != 0) { + goto cleanup; } } } -- 2.47.3