From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Date: Thu, 21 Nov 2019 09:58:32 +0100
Subject: [libvirt] [PATCH v2 4/4] libvirt-: Check caller-provided buffers to be NULL with size > 0

Pre-Glib era which used malloc allowed the size of the client-side
buffers to be declared as 0, because malloc documents that it can either
return 0 or a unique pointer on 0 size allocations.
With glib this doesn't work anymore, because glib documents that for
such allocation requests NULL is always returned, which results in an
error in our public API checks server-side.
This patch complements the fix in the RPC layer by explicitly erroring
out on the following combination of args used by our legacy APIs (their
modern equivalents don't suffer from this):

    function(caller-allocated-array, size, ...)
    {
        if (!caller-allocated-array && size > 0)
            return error;
    }

treating everything else as a valid input and potentially letting that
fail on the server-side rather than client-side.

Signed-off-by: Erik Skultety Reviewed-by: Daniel P. Berrang=C3=A9 --- src/internal.h | 13 +++++++++++++ src/libvirt-domain-snapshot.c | 4 ++-- src/libvirt-domain.c | 21 ++++++--------------- src/libvirt-host.c | 2 +- src/libvirt-interface.c | 4 ++-- src/libvirt-network.c | 4 ++-- src/libvirt-nodedev.c | 4 ++-- src/libvirt-nwfilter.c | 2 +- src/libvirt-secret.c | 2 +- src/libvirt-storage.c | 6 +++--- 10 files changed, 33 insertions(+), 29 deletions(-) diff --git a/src/internal.h b/src/internal.h index 0ff9f496ac..bcc5a1c157 100644 --- a/src/internal.h +++ b/src/internal.h @@ -429,6 +429,19 @@ } \ } while (0) =20 +/* This check is intended to be used with legacy APIs only which expect the + * caller to pre-allocate the target buffer. + * We want to allow callers pass NULL arrays if the size is declared as 0 = and + * still succeed in calling the API. + */ +#define virCheckNonNullArrayArgGoto(argname, argsize, label) \ + do { \ + if (!argname && argsize > 0) { \ + virReportInvalidNonNullArg(argname); \ + goto label; \ + } \ + } while (0) + =20 /* Count leading zeros in an unsigned int. * diff --git a/src/libvirt-domain-snapshot.c b/src/libvirt-domain-snapshot.c index 20a3bc5545..33593e11e9 100644 --- a/src/libvirt-domain-snapshot.c +++ b/src/libvirt-domain-snapshot.c @@ -398,7 +398,7 @@ virDomainSnapshotListNames(virDomainPtr domain, char **= names, int nameslen, virCheckDomainReturn(domain, -1); conn =3D domain->conn; =20 - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, nameslen, error); virCheckNonNegativeArgGoto(nameslen, error); =20 if (conn->driver->domainSnapshotListNames) { @@ -600,7 +600,7 @@ virDomainSnapshotListChildrenNames(virDomainSnapshotPtr= snapshot, virCheckDomainSnapshotReturn(snapshot, -1); conn =3D snapshot->domain->conn; =20 - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, nameslen, error); virCheckNonNegativeArgGoto(nameslen, error); =20 if (conn->driver->domainSnapshotListChildrenNames) { 
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 02622cb2ca..17cdd5bcaf 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -59,7 +59,7 @@ virConnectListDomains(virConnectPtr conn, int *ids, int m= axids) virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(ids, error); + virCheckNonNullArrayArgGoto(ids, maxids, error); virCheckNonNegativeArgGoto(maxids, error); =20 if (conn->driver->connectListDomains) { @@ -6386,7 +6386,7 @@ virConnectListDefinedDomains(virConnectPtr conn, char= **const names, virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->driver->connectListDefinedDomains) { @@ -7298,7 +7298,7 @@ virDomainGetVcpuPinInfo(virDomainPtr domain, int ncpu= maps, virCheckDomainReturn(domain, -1); conn =3D domain->conn; =20 - virCheckNonNullArgGoto(cpumaps, error); + virCheckNonNullArrayArgGoto(cpumaps, ncpumaps, error); virCheckPositiveArgGoto(ncpumaps, error); virCheckPositiveArgGoto(maplen, error); =20 @@ -10996,10 +10996,7 @@ virDomainGetDiskErrors(virDomainPtr dom, =20 virCheckDomainReturn(dom, -1); =20 - if (maxerrors) - virCheckNonNullArgGoto(errors, error); - else - virCheckNullArgGoto(errors, error); + virCheckNonNullArrayArgGoto(errors, maxerrors, error); =20 if (dom->conn->driver->domainGetDiskErrors) { int ret =3D dom->conn->driver->domainGetDiskErrors(dom, errors, @@ -11136,10 +11133,7 @@ virDomainFSFreeze(virDomainPtr dom, =20 virCheckDomainReturn(dom, -1); virCheckReadOnlyGoto(dom->conn->flags, error); - if (nmountpoints) - virCheckNonNullArgGoto(mountpoints, error); - else - virCheckNullArgGoto(mountpoints, error); + virCheckNonNullArrayArgGoto(mountpoints, nmountpoints, error); =20 if (dom->conn->driver->domainFSFreeze) { int ret =3D dom->conn->driver->domainFSFreeze( 
@@ -11181,10 +11175,7 @@ virDomainFSThaw(virDomainPtr dom, =20 virCheckDomainReturn(dom, -1); virCheckReadOnlyGoto(dom->conn->flags, error); - if (nmountpoints) - virCheckNonNullArgGoto(mountpoints, error); - else - virCheckNullArgGoto(mountpoints, error); + virCheckNonNullArrayArgGoto(mountpoints, nmountpoints, error); =20 if (dom->conn->driver->domainFSThaw) { int ret =3D dom->conn->driver->domainFSThaw( diff --git a/src/libvirt-host.c b/src/libvirt-host.c index 221a1b7a43..94ba5a8e80 100644 --- a/src/libvirt-host.c +++ b/src/libvirt-host.c @@ -910,7 +910,7 @@ virNodeGetCellsFreeMemory(virConnectPtr conn, unsigned = long long *freeMems, virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(freeMems, error); + virCheckNonNullArrayArgGoto(freeMems, maxCells, error); virCheckPositiveArgGoto(maxCells, error); virCheckNonNegativeArgGoto(startCell, error); =20 diff --git a/src/libvirt-interface.c b/src/libvirt-interface.c index 7228ddca57..2d2df68131 100644 --- a/src/libvirt-interface.c +++ b/src/libvirt-interface.c @@ -166,7 +166,7 @@ virConnectListInterfaces(virConnectPtr conn, char **con= st names, int maxnames) virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->interfaceDriver && conn->interfaceDriver->connectListInterfa= ces) { @@ -245,7 +245,7 @@ virConnectListDefinedInterfaces(virConnectPtr conn, virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->interfaceDriver && conn->interfaceDriver->connectListDefined= Interfaces) { diff --git a/src/libvirt-network.c b/src/libvirt-network.c index 146ccc5e4a..09e24fb0a8 100644 --- a/src/libvirt-network.c +++ b/src/libvirt-network.c 
@@ -175,7 +175,7 @@ virConnectListNetworks(virConnectPtr conn, char **const= names, int maxnames) virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->networkDriver && conn->networkDriver->connectListNetworks) { @@ -252,7 +252,7 @@ virConnectListDefinedNetworks(virConnectPtr conn, char = **const names, virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->networkDriver && conn->networkDriver->connectListDefinedNetw= orks) { diff --git a/src/libvirt-nodedev.c b/src/libvirt-nodedev.c index 10050b193b..dce46b7181 100644 --- a/src/libvirt-nodedev.c +++ b/src/libvirt-nodedev.c @@ -169,7 +169,7 @@ virNodeListDevices(virConnectPtr conn, virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->nodeDeviceDriver && conn->nodeDeviceDriver->nodeListDevices)= { @@ -415,7 +415,7 @@ virNodeDeviceListCaps(virNodeDevicePtr dev, virResetLastError(); =20 virCheckNodeDeviceReturn(dev, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (dev->conn->nodeDeviceDriver && dev->conn->nodeDeviceDriver->nodeDe= viceListCaps) { diff --git a/src/libvirt-nwfilter.c b/src/libvirt-nwfilter.c index 16eceb6525..d28220db8a 100644 --- a/src/libvirt-nwfilter.c +++ b/src/libvirt-nwfilter.c 
@@ -127,7 +127,7 @@ virConnectListNWFilters(virConnectPtr conn, char **cons= t names, int maxnames) virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->nwfilterDriver && conn->nwfilterDriver->connectListNWFilters= ) { diff --git a/src/libvirt-secret.c b/src/libvirt-secret.c index 711c4fc580..33cbdd7b0b 100644 --- a/src/libvirt-secret.c +++ b/src/libvirt-secret.c @@ -166,7 +166,7 @@ virConnectListSecrets(virConnectPtr conn, char **uuids,= int maxuuids) virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(uuids, error); + virCheckNonNullArrayArgGoto(uuids, maxuuids, error); virCheckNonNegativeArgGoto(maxuuids, error); =20 if (conn->secretDriver !=3D NULL && conn->secretDriver->connectListSec= rets !=3D NULL) { diff --git a/src/libvirt-storage.c b/src/libvirt-storage.c index 05b2365692..0406fe84d3 100644 --- a/src/libvirt-storage.c +++ b/src/libvirt-storage.c @@ -197,7 +197,7 @@ virConnectListStoragePools(virConnectPtr conn, virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->storageDriver && conn->storageDriver->connectListStoragePool= s) { @@ -277,7 +277,7 @@ virConnectListDefinedStoragePools(virConnectPtr conn, virResetLastError(); =20 virCheckConnectReturn(conn, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (conn->storageDriver && conn->storageDriver->connectListDefinedStor= agePools) { 
@@ -1268,7 +1268,7 @@ virStoragePoolListVolumes(virStoragePoolPtr pool, virResetLastError(); =20 virCheckStoragePoolReturn(pool, -1); - virCheckNonNullArgGoto(names, error); + virCheckNonNullArrayArgGoto(names, maxnames, error); virCheckNonNegativeArgGoto(maxnames, error); =20 if (pool->conn->storageDriver && pool->conn->storageDriver->storagePoo= lListVolumes) { --=20 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
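
Review bot: In the src/internal.h hunk, virCheckNonNullArrayArgGoto expands its parameters without parentheses (`!argname && argsize > 0`), so a caller passing an expression for either argument gets different precedence than intended; please write `!(argname) && (argsize) > 0`. The failure is also reported through virReportInvalidNonNullArg(argname), which by its name tells the caller only that the pointer was NULL and says nothing about the size that made NULL invalid, so consider an error that mentions both. In the comment, "allow callers pass NULL arrays" is missing "to".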
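
Review bot: The virDomainGetDiskErrors, virDomainFSFreeze and virDomainFSThaw hunks in src/libvirt-domain.c drop the `else virCheckNullArgGoto(...)` branch, so a non-NULL array passed with a count of 0 is now accepted where it used to be rejected. The commit message only describes the NULL-with-positive-size case, so this relaxation should be stated there and in the API documentation of these three functions. Separately, the old `if (maxerrors)` and `if (nmountpoints)` tests required a non-NULL array for any non-zero count while the new `> 0` test does not; that only matters if these counts are signed, but no non-negative check is visible in these hunks, so please confirm.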
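
Review bot: In virDomainGetVcpuPinInfo (src/libvirt-domain.c) and virNodeGetCellsFreeMemory (src/libvirt-host.c) the new array check is immediately followed by virCheckPositiveArgGoto on the same size (ncpumaps, maxCells), so a NULL array with size 0 is still rejected, only with an error that names the size instead of the pointer. If zero-sized calls are meant to succeed for these two APIs as well, the positive check needs relaxing; if they are converted only for consistency, please say so in the commit message, since it currently reads as if every touched API now accepts NULL with size 0.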