The virSocketAddrFormatWithPrefix() function has a bug where the
'network' variable is left uninitialized when masked=false. This
occurs because the function only assigns to 'network' inside the
masked=true conditional branch.
When masked=false, the caller wants to format the original address
with a prefix notation (e.g., "1.2.3.4/24") without applying the
network mask. However, the code was only initializing 'network'
when masking was requested, causing the subsequent
virSocketAddrFormat(&network) call to operate on uninitialized data.
Fix this by adding an else branch that copies the original address
to 'network' when masking is not requested. This ensures 'network'
is properly initialized in both code paths.
Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
---
src/util/virsocketaddr.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c
index f53768878e..80ee3b4c51 100644
--- a/src/util/virsocketaddr.c
+++ b/src/util/virsocketaddr.c
@@ -549,10 +549,14 @@ virSocketAddrFormatWithPrefix(virSocketAddr *addr,
return NULL;
}
- if (masked && virSocketAddrMaskByPrefix(addr, prefix, &network) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Failure to mask address"));
- return NULL;
+ if (masked) {
+ if (virSocketAddrMaskByPrefix(addr, prefix, &network) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failure to mask address"));
+ return NULL;
+ }
+ } else {
+ network = *addr;
}
netstr = virSocketAddrFormat(&network);
--
2.52.0Waiting for feedback, but this is interesting because I don't see any usage of:
virSocketAddrFormatWithPrefix(..., ..., false)
Perhaps, we need to change the scope of this function...
Em seg., 5 de jan. de 2026 às 10:29, Julio Faracco
<jcfaracco@gmail.com> escreveu:
>
> The virSocketAddrFormatWithPrefix() function has a bug where the
> 'network' variable is left uninitialized when masked=false. This
> occurs because the function only assigns to 'network' inside the
> masked=true conditional branch.
>
> When masked=false, the caller wants to format the original address
> with a prefix notation (e.g., "1.2.3.4/24") without applying the
> network mask. However, the code was only initializing 'network'
> when masking was requested, causing the subsequent
> virSocketAddrFormat(&network) call to operate on uninitialized data.
>
> Fix this by adding an else branch that copies the original address
> to 'network' when masking is not requested. This ensures 'network'
> is properly initialized in both code paths.
>
> Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
> ---
> src/util/virsocketaddr.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c
> index f53768878e..80ee3b4c51 100644
> --- a/src/util/virsocketaddr.c
> +++ b/src/util/virsocketaddr.c
> @@ -549,10 +549,14 @@ virSocketAddrFormatWithPrefix(virSocketAddr *addr,
> return NULL;
> }
>
> - if (masked && virSocketAddrMaskByPrefix(addr, prefix, &network) < 0) {
> - virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> - _("Failure to mask address"));
> - return NULL;
> + if (masked) {
> + if (virSocketAddrMaskByPrefix(addr, prefix, &network) < 0) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("Failure to mask address"));
> + return NULL;
> + }
> + } else {
> + network = *addr;
> }
>
> netstr = virSocketAddrFormat(&network);
> --
> 2.52.0
>
--
Julio Faracco
© 2016 - 2026 Red Hat, Inc.