From nobody Sun Oct 5 00:17:44 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1759312274649462.9809717272624; Wed, 1 Oct 2025 02:51:14 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id BBADC44002; Wed, 1 Oct 2025 05:51:13 -0400 (EDT) Received: from [172.19.199.14] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 838B74413A; Wed, 1 Oct 2025 05:50:12 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 5C3E241C7A; Mon, 29 Sep 2025 13:02:22 -0400 (EDT) Received: from air.basealt.ru (air.basealt.ru [193.43.8.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id C736243E82 for ; Mon, 29 Sep 2025 13:02:19 -0400 (EDT) Received: from boringlust.malta.altlinux.ru (obninsk.basealt.ru [217.15.195.17]) (Authenticated sender: rastyoginds) by air.basealt.ru (Postfix) with ESMTPSA id DAD4A2338E for ; Mon, 29 Sep 2025 20:02:16 +0300 (MSK) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 X-Greylist: delayed 344 seconds by postgrey-1.37 at lists.libvirt.org; Mon, 29 Sep 2025 13:02:19 EDT From: gerben@altlinux.org To: devel@lists.libvirt.org Subject: [PATCH] libvirt-secret: handle empty value in virSecretSetValue() Date: Mon, 29 Sep 2025 20:01:31 +0300 Message-ID: <20250929170212.176342-1-gerben@altlinux.org> X-Mailer: git-send-email 2.42.2 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-MailFrom: gerben@altlinux.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation Message-ID-Hash: UTKTOQSNRJVBMJSGT5WBKB62DQUEAY74 X-Message-ID-Hash: UTKTOQSNRJVBMJSGT5WBKB62DQUEAY74 X-Mailman-Approved-At: Wed, 01 Oct 2025 09:50:03 +0000 X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-ZM-MESSAGEID: 1759312276556116600 Content-Type: text/plain; charset="utf-8" From: Denis Rastyogin virSecretSetValue() previously checked for NULL `value`, but did not handle the case where `value_size` is 0. This could lead to `new_value =3D g_new0(unsigned char, value_size)` returning NULL and subsequent `memcpy(new_value, value, value_size)` dereferencing a NULL pointer. Adding a check prevents this possible issue. Found by Linux Verification Center (linuxtesting.org) with SVACE. Reported-by: Vadim Urtaev Signed-off-by: Denis Rastyogin --- src/libvirt-secret.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libvirt-secret.c b/src/libvirt-secret.c index 4d0c88745d..e4391d1841 100644 --- a/src/libvirt-secret.c +++ b/src/libvirt-secret.c @@ -569,6 +569,7 @@ virSecretSetValue(virSecretPtr secret, const unsigned c= har *value, =20 virCheckReadOnlyGoto(conn->flags, error); virCheckNonNullArgGoto(value, error); + virCheckNonZeroArgGoto(value_size, error); =20 if (conn->secretDriver !=3D NULL && conn->secretDriver->secretSetValue= !=3D NULL) { int ret; --=20 2.42.2