From a72715e0a8694e5a1bc8c67eb7f314b19e201891 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Thu, 4 Jul 2013 12:15:50 +0200 Subject: [PATCH] Adapt to VIR_ALLOC and virAsprintf in src/security/* --- src/security/security_apparmor.c | 25 +++++------------ src/security/security_dac.c | 12 +++------ src/security/security_manager.c | 12 +++------ src/security/security_selinux.c | 46 ++++++++++---------------------- src/security/security_stack.c | 8 ++---- src/security/virt-aa-helper.c | 36 ++++++++++++------------- 6 files changed, 46 insertions(+), 93 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 50b0e74138..eb80d23af8 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -77,16 +77,13 @@ profile_status(const char *str, const int check_enforcing) int rc = -1; /* create string that is ' \0' for accurate matching */ - if (virAsprintf(&tmp, "%s ", str) == -1) { - virReportOOMError(); + if (virAsprintf(&tmp, "%s ", str) == -1) return rc; - } if (check_enforcing != 0) { /* create string that is ' (enforce)\0' for accurate matching */ if (virAsprintf(&etmp, "%s (enforce)", str) == -1) { VIR_FREE(tmp); - virReportOOMError(); return rc; } } @@ -132,10 +129,8 @@ profile_status_file(const char *str) int rc = -1; int len; - if (virAsprintf(&profile, "%s/%s", APPARMOR_DIR "/libvirt", str) == -1) { - virReportOOMError(); + if (virAsprintf(&profile, "%s/%s", APPARMOR_DIR "/libvirt", str) == -1) return rc; - } if (!virFileExists(profile)) goto failed; @@ -147,10 +142,8 @@ profile_status_file(const char *str) } /* create string that is ' flags=(complain)\0' */ - if (virAsprintf(&tmp, " %s flags=(complain)", str) == -1) { - virReportOOMError(); + if (virAsprintf(&tmp, " %s flags=(complain)", str) == -1) goto failed; - } if (strstr(content, tmp) != NULL) rc = 0; @@ -231,10 +224,8 @@ get_profile_name(virDomainDefPtr def) char *name = NULL; virUUIDFormat(def->uuid, uuidstr); - if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0) { - virReportOOMError(); + if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0) return NULL; - } return name; } @@ -363,10 +354,8 @@ AppArmorSecurityManagerProbe(const char *virtDriver) /* see if template file exists */ if (virAsprintf(&template, "%s/TEMPLATE", - APPARMOR_DIR "/libvirt") == -1) { - virReportOOMError(); + APPARMOR_DIR "/libvirt") == -1) return rc; - } if (!virFileExists(template)) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -920,10 +909,8 @@ AppArmorSetFDLabel(virSecurityManagerPtr mgr, if (secdef->imagelabel == NULL) return 0; - if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) { - virReportOOMError(); + if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) return rc; - } if (virFileResolveLink(proc, &fd_path) < 0) { /* it's a deleted file, presumably. Ignore? */ diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 0d6defc357..365ab8b221 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -713,10 +713,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, case VIR_DOMAIN_CHR_TYPE_PIPE: if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) || - (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) { - virReportOOMError(); + (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) goto done; - } if (virFileExists(in) && virFileExists(out)) { if ((virSecurityDACSetOwnership(in, user, group) < 0) || (virSecurityDACSetOwnership(out, user, group) < 0)) { @@ -755,10 +753,8 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, case VIR_DOMAIN_CHR_TYPE_PIPE: if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0) || - (virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) { - virReportOOMError(); + (virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) goto done; - } if (virFileExists(in) && virFileExists(out)) { if ((virSecurityDACRestoreSecurityFileLabel(out) < 0) || (virSecurityDACRestoreSecurityFileLabel(in) < 0)) { @@ -1084,10 +1080,8 @@ virSecurityDACGenLabel(virSecurityManagerPtr mgr, case VIR_DOMAIN_SECLABEL_DYNAMIC: if (virAsprintf(&seclabel->label, "%u:%u", (unsigned int) priv->user, - (unsigned int) priv->group) < 0) { - virReportOOMError(); + (unsigned int) priv->group) < 0) return rc; - } if (seclabel->label == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot generate dac user and group id " diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 1469052ce7..6946637dd2 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -80,10 +80,8 @@ static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr dr allowDiskFormatProbing, defaultConfined, requireConfined); - if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0) { - virReportOOMError(); + if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0) return NULL; - } if (!(mgr = virObjectLockableNew(virSecurityManagerClass))) { VIR_FREE(privateData); @@ -487,10 +485,8 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, /* The seclabel must be added to @vm prior calling domainGenSecurityLabel * which may require seclabel to be presented already */ if (generated && - VIR_APPEND_ELEMENT_QUIET(vm->seclabels, vm->nseclabels, seclabel) < 0) { - virReportOOMError(); + VIR_APPEND_ELEMENT(vm->seclabels, vm->nseclabels, seclabel) < 0) goto cleanup; - } if (sec_managers[i]->drv->domainGenSecurityLabel(sec_managers[i], vm) < 0) { if (VIR_DELETE_ELEMENT(vm->seclabels, @@ -703,10 +699,8 @@ virSecurityManagerGetNested(virSecurityManagerPtr mgr) return virSecurityStackGetNested(mgr); } - if (VIR_ALLOC_N(list, 2) < 0) { - virReportOOMError(); + if (VIR_ALLOC_N(list, 2) < 0) return NULL; - } list[0] = mgr; list[1] = NULL; diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 380aaf5125..00ee41ed61 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -141,20 +141,16 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr, VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin); if (c1 == c2) { - if (virAsprintf(&mcs, "%s:c%d", sens, catMin + c1) < 0) { - virReportOOMError(); + if (virAsprintf(&mcs, "%s:c%d", sens, catMin + c1) < 0) return NULL; - } } else { if (c1 > c2) { int t = c1; c1 = c2; c2 = t; } - if (virAsprintf(&mcs, "%s:c%d,c%d", sens, catMin + c1, catMin + c2) < 0) { - virReportOOMError(); + if (virAsprintf(&mcs, "%s:c%d,c%d", sens, catMin + c1, catMin + c2) < 0) return NULL; - } } if (virHashLookup(data->mcs, mcs) == NULL) @@ -628,7 +624,7 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, } if (!(range = context_range_get(ctx))) { - virReportOOMError(); + virReportSystemError(errno, "%s", _("unable to get selinux context range")); goto cleanup; } if (VIR_STRDUP(mcs, range) < 0) @@ -1224,9 +1220,8 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, if (!disk_seclabel) return -1; disk_seclabel->norelabel = true; - if (VIR_APPEND_ELEMENT_QUIET(disk->seclabels, disk->nseclabels, - disk_seclabel) < 0) { - virReportOOMError(); + if (VIR_APPEND_ELEMENT(disk->seclabels, disk->nseclabels, + disk_seclabel) < 0) { virSecurityDeviceLabelDefFree(disk_seclabel); return -1; } @@ -1390,10 +1385,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def, case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: { if (vroot) { if (virAsprintf(&path, "%s/%s", vroot, - dev->source.caps.u.storage.block) < 0) { - virReportOOMError(); + dev->source.caps.u.storage.block) < 0) return -1; - } } else { if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0) return -1; @@ -1406,10 +1399,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def, case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_MISC: { if (vroot) { if (virAsprintf(&path, "%s/%s", vroot, - dev->source.caps.u.misc.chardev) < 0) { - virReportOOMError(); + dev->source.caps.u.misc.chardev) < 0) return -1; - } } else { if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0) return -1; @@ -1580,10 +1571,8 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr, case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: { if (vroot) { if (virAsprintf(&path, "%s/%s", vroot, - dev->source.caps.u.storage.block) < 0) { - virReportOOMError(); + dev->source.caps.u.storage.block) < 0) return -1; - } } else { if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0) return -1; @@ -1596,10 +1585,8 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr, case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_MISC: { if (vroot) { if (virAsprintf(&path, "%s/%s", vroot, - dev->source.caps.u.misc.chardev) < 0) { - virReportOOMError(); + dev->source.caps.u.misc.chardev) < 0) return -1; - } } else { if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0) return -1; @@ -1693,10 +1680,8 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def, case VIR_DOMAIN_CHR_TYPE_PIPE: if ((virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0) || - (virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0)) { - virReportOOMError(); + (virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0)) goto done; - } if (virFileExists(in) && virFileExists(out)) { if ((virSecuritySELinuxSetFilecon(in, imagelabel) < 0) || (virSecuritySELinuxSetFilecon(out, imagelabel) < 0)) { @@ -1760,10 +1745,8 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr, case VIR_DOMAIN_CHR_TYPE_PIPE: if ((virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) || - (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) { - virReportOOMError(); + (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) goto done; - } if (virFileExists(in) && virFileExists(out)) { if ((virSecuritySELinuxRestoreSecurityFileLabel(mgr, out) < 0) || (virSecuritySELinuxRestoreSecurityFileLabel(mgr, in) < 0)) { @@ -2397,7 +2380,8 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr, if (secdef->label) { ctx = context_new(secdef->label); if (!ctx) { - virReportOOMError(); + virReportSystemError(errno, _("unable to create selinux context for: %s"), + secdef->label); goto cleanup; } range = context_range_get(ctx); @@ -2430,10 +2414,8 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr, if (secdef->imagelabel && virAsprintf(&opts, ",context=\"%s\"", - (const char*) secdef->imagelabel) < 0) { - virReportOOMError(); + (const char*) secdef->imagelabel) < 0) return NULL; - } } if (!opts && VIR_STRDUP(opts, "") < 0) diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 14d757dba6..9afc6418d7 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -53,10 +53,8 @@ virSecurityStackAddNested(virSecurityManagerPtr mgr, while (tmp && tmp->next) tmp = tmp->next; - if (VIR_ALLOC(item) < 0) { - virReportOOMError(); + if (VIR_ALLOC(item) < 0) return -1; - } item->securityManager = nested; if (tmp) tmp->next = item; @@ -520,10 +518,8 @@ virSecurityStackGetNested(virSecurityManagerPtr mgr) for (item = priv->itemsHead; item; item = item->next) len++; - if (VIR_ALLOC_N(list, len + 1) < 0) { - virReportOOMError(); + if (VIR_ALLOC_N(list, len + 1) < 0) return NULL; - } for (item = priv->itemsHead; item; item = item->next, i++) list[i] = item->securityManager; diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 02359fc5e5..432f059067 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -160,7 +160,7 @@ replace_string(char *orig, const size_t len, const char *oldstr, return -1; } - if (VIR_ALLOC_N(tmp, len) < 0) { + if (VIR_ALLOC_N_QUIET(tmp, len) < 0) { vah_error(NULL, 0, _("could not allocate memory for string")); return -1; } @@ -217,8 +217,8 @@ parserCommand(const char *profile_name, const char cmd) snprintf(flag, 3, "-%c", cmd); - if (virAsprintf(&profile, "%s/%s", - APPARMOR_DIR "/libvirt", profile_name) < 0) { + if (virAsprintfQuiet(&profile, "%s/%s", + APPARMOR_DIR "/libvirt", profile_name) < 0) { vah_error(NULL, 0, _("profile name exceeds maximum length")); return -1; } @@ -275,12 +275,12 @@ update_include_file(const char *include_file, const char *included_files, } if (append && virFileExists(include_file)) { - if (virAsprintf(&pcontent, "%s%s", existing, included_files) == -1) { + if (virAsprintfQuiet(&pcontent, "%s%s", existing, included_files) == -1) { vah_error(NULL, 0, _("could not allocate memory for profile")); goto cleanup; } } else { - if (virAsprintf(&pcontent, "%s%s", warning, included_files) == -1) { + if (virAsprintfQuiet(&pcontent, "%s%s", warning, included_files) == -1) { vah_error(NULL, 0, _("could not allocate memory for profile")); goto cleanup; } @@ -346,7 +346,7 @@ create_profile(const char *profile, const char *profile_name, goto end; } - if (virAsprintf(&template, "%s/TEMPLATE", APPARMOR_DIR "/libvirt") < 0) { + if (virAsprintfQuiet(&template, "%s/TEMPLATE", APPARMOR_DIR "/libvirt") < 0) { vah_error(NULL, 0, _("template name exceeds maximum length")); goto end; } @@ -372,13 +372,13 @@ create_profile(const char *profile, const char *profile_name, } /* '\nprofile \0' */ - if (virAsprintf(&replace_name, "\nprofile %s", profile_name) == -1) { + if (virAsprintfQuiet(&replace_name, "\nprofile %s", profile_name) == -1) { vah_error(NULL, 0, _("could not allocate memory for profile name")); goto clean_tcontent; } /* '\n\n}\0' */ - if (virAsprintf(&replace_files, "\n%s\n}", profile_files) == -1) { + if (virAsprintfQuiet(&replace_files, "\n%s\n}", profile_files) == -1) { vah_error(NULL, 0, _("could not allocate memory for profile files")); VIR_FREE(replace_name); goto clean_tcontent; @@ -391,7 +391,7 @@ create_profile(const char *profile, const char *profile_name, goto clean_replace; } - if (VIR_ALLOC_N(pcontent, plen) < 0) { + if (VIR_ALLOC_N_QUIET(pcontent, plen) < 0) { vah_error(NULL, 0, _("could not allocate memory for profile")); goto clean_replace; } @@ -812,7 +812,7 @@ vah_add_file_chardev(virBufferPtr buf, if (type == VIR_DOMAIN_CHR_TYPE_PIPE) { /* add the pipe input */ - if (virAsprintf(&pipe_in, "%s.in", path) == -1) { + if (virAsprintfQuiet(&pipe_in, "%s.in", path) == -1) { vah_error(NULL, 0, _("could not allocate memory")); goto cleanup; } @@ -821,7 +821,7 @@ vah_add_file_chardev(virBufferPtr buf, goto clean_pipe_in; /* add the pipe output */ - if (virAsprintf(&pipe_out, "%s.out", path) == -1) { + if (virAsprintfQuiet(&pipe_out, "%s.out", path) == -1) { vah_error(NULL, 0, _("could not allocate memory")); goto clean_pipe_in; } @@ -896,7 +896,7 @@ get_files(vahControl * ctl) /* verify uuid is same as what we were given on the command line */ virUUIDFormat(ctl->def->uuid, uuidstr); - if (virAsprintf(&uuid, "%s%s", AA_PREFIX, uuidstr) == -1) { + if (virAsprintfQuiet(&uuid, "%s%s", AA_PREFIX, uuidstr) == -1) { vah_error(ctl, 0, _("could not allocate memory")); return rc; } @@ -1207,12 +1207,12 @@ main(int argc, char **argv) if (vahParseArgv(ctl, argc, argv) != 0) vah_error(ctl, 1, _("could not parse arguments")); - if (virAsprintf(&profile, "%s/%s", - APPARMOR_DIR "/libvirt", ctl->uuid) < 0) + if (virAsprintfQuiet(&profile, "%s/%s", + APPARMOR_DIR "/libvirt", ctl->uuid) < 0) vah_error(ctl, 0, _("could not allocate memory")); - if (virAsprintf(&include_file, "%s/%s.files", - APPARMOR_DIR "/libvirt", ctl->uuid) < 0) + if (virAsprintfQuiet(&include_file, "%s/%s.files", + APPARMOR_DIR "/libvirt", ctl->uuid) < 0) vah_error(ctl, 0, _("could not allocate memory")); if (ctl->cmd == 'a') @@ -1271,8 +1271,8 @@ main(int argc, char **argv) /* create the profile from TEMPLATE */ if (ctl->cmd == 'c') { char *tmp = NULL; - if (virAsprintf(&tmp, " #include \n", - ctl->uuid) == -1) { + if (virAsprintfQuiet(&tmp, " #include \n", + ctl->uuid) == -1) { vah_error(ctl, 0, _("could not allocate memory")); goto cleanup; } -- GitLab