Fix crash parsing RNG device specification

Code that validates the whitelist for the RNG device filename didn't account for fact that filename may be NULL. This led to a NULL reference crash. This wasn't caught since the test suite was not covering this XML syntax Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>

Fix crash parsing RNG device specification
Code that validates the whitelist for the RNG device filename didn't account for fact that filename may be NULL. This led to a NULL reference crash. This wasn't caught since the test suite was not covering this XML syntax Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>
75e656a3 · Daniel P. Berrange · 1cf4ef1f · 75e656a3 · 75e656a3 · 75e656a3
4 changed file
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7424,7 +7424,8 @@ virDomainRNGDefParseXML(const xmlNodePtr node,
    switch ((enum virDomainRNGBackend) def->backend) {
    case VIR_DOMAIN_RNG_BACKEND_RANDOM:
        def->source.file = virXPathString("string(./backend)", ctxt);
-        if (STRNEQ(def->source.file, "/dev/random") &&
+        if (def->source.file &&
+            STRNEQ(def->source.file, "/dev/random") &&
            STRNEQ(def->source.file, "/dev/hwrng")) {
            virReportError(VIR_ERR_XML_ERROR,
                           _("file '%s' is not a supported random source"),

--- a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu \
+-S -M pc -m 214 -smp 1 -nographic -nodefaults \
+-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \
+-object rng-random,id=rng0 \
+-device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x4
--- a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <controller type='usb' index='0'/>
+    <memballoon model='virtio'/>
+    <rng model='virtio'>
+      <backend model='random'/>
+    </rng>
+  </devices>
+</domain>
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -882,6 +882,8 @@ mymain(void)
            QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIDEO_PRIMARY,
            QEMU_CAPS_DEVICE_QXL, QEMU_CAPS_DEVICE_QXL_VGA);

+    DO_TEST("virtio-rng-default", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
+            QEMU_CAPS_OBJECT_RNG_RANDOM);
    DO_TEST("virtio-rng-random", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
            QEMU_CAPS_OBJECT_RNG_RANDOM);
    DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,