Avoid crash in security driver if model is NULL

If the XML security model is NULL, it is assumed that the current model will be used with dynamic labelling. The verify step is meaningless and potentially crashes if dereferencing NULL * src/security/security_manager.c: Skip NULL model on verify

Avoid crash in security driver if model is NULL
If the XML security model is NULL, it is assumed that the current model will be used with dynamic labelling. The verify step is meaningless and potentially crashes if dereferencing NULL * src/security/security_manager.c: Skip NULL model on verify
31c698d7 · Daniel P. Berrange · bda57661 · 31c698d7
显示空白变更内容
内联并排

Showing with 8 addition and 0 deletion

src/security/security_manager.c src/security/security_manager.c +8 -0

未找到文件。
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -309,6 +309,14 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
 int virSecurityManagerVerify(virSecurityManagerPtr mgr,
                             virDomainDefPtr def)
 {
+    const virSecurityLabelDefPtr secdef = &def->seclabel;
+    /* NULL model == dynamic labelling, with whatever driver
+     * is active, so we can short circuit verify check to
+     * avoid drivers de-referencing NULLs by accident
+     */
+    if (!secdef->model)
+        return 0;
    if (mgr->drv->domainSecurityVerify)
        return mgr->drv->domainSecurityVerify(mgr, def);