libvirt-secret: handle empty value in virSecretSetValue()

[PATCH] libvirt-secret: handle empty value in virSecretSetValue()

gerben@altlinux.org posted 1 patch 5 days, 5 hours ago

Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20250929170212.176342-1-gerben@altlinux.org

src/libvirt-secret.c | 1 +
1 file changed, 1 insertion(+)

Expand all Fold all

[PATCH] libvirt-secret: handle empty value in virSecretSetValue()

Posted by gerben@altlinux.org 5 days, 5 hours ago

From: Denis Rastyogin <gerben@altlinux.org>

virSecretSetValue() previously checked for NULL `value`, but did not
handle the case where `value_size` is 0. This could lead to
`new_value = g_new0(unsigned char, value_size)` returning NULL
and subsequent `memcpy(new_value, value, value_size)` dereferencing
a NULL pointer.

Adding a check prevents this possible issue.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reported-by: Vadim Urtaev <v.urtaev@fobos-nt.ru>
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
---
 src/libvirt-secret.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libvirt-secret.c b/src/libvirt-secret.c
index 4d0c88745d..e4391d1841 100644
--- a/src/libvirt-secret.c
+++ b/src/libvirt-secret.c
@@ -569,6 +569,7 @@ virSecretSetValue(virSecretPtr secret, const unsigned char *value,
 
     virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(value, error);
+    virCheckNonZeroArgGoto(value_size, error);
 
     if (conn->secretDriver != NULL && conn->secretDriver->secretSetValue != NULL) {
         int ret;
-- 
2.42.2