src/conf/virsecretobj.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Ensure that the value in the secret object is validated not only for NULL
but also for its size. An empty value may not always be NULL, if it has
been manually deleted from the .base64 file.
Signed-off-by: Adam Julis <ajulis@redhat.com>
---
src/conf/virsecretobj.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c
index 455798d414..3cb1ec2b4b 100644
--- a/src/conf/virsecretobj.c
+++ b/src/conf/virsecretobj.c
@@ -719,7 +719,7 @@ virSecretObjGetValue(virSecretObj *obj)
virSecretDef *def = obj->def;
unsigned char *ret = NULL;
- if (!obj->value) {
+ if (!obj->value || (obj->value_size < 1 )) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(def->uuid, uuidstr);
virReportError(VIR_ERR_NO_SECRET,
--
2.47.1
On Tue, Jan 14, 2025 at 03:06:09PM +0100, Adam Julis wrote: > Ensure that the value in the secret object is validated not only for NULL > but also for its size. An empty value may not always be NULL, if it has > been manually deleted from the .base64 file. This sounds a bit wierd - can you explain in more detail what the bug scenario is ? > Signed-off-by: Adam Julis <ajulis@redhat.com> > --- > src/conf/virsecretobj.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c > index 455798d414..3cb1ec2b4b 100644 > --- a/src/conf/virsecretobj.c > +++ b/src/conf/virsecretobj.c > @@ -719,7 +719,7 @@ virSecretObjGetValue(virSecretObj *obj) > virSecretDef *def = obj->def; > unsigned char *ret = NULL; > > - if (!obj->value) { > + if (!obj->value || (obj->value_size < 1 )) { My gut feeling is that if there is a bug, then it lies in whatever code created the non-NULL obj->value PTR, while setting value_size == 0 IOW, fix the place that created the bad data originally, rather than the place were we access it. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Since the empty file with a .base64 value wasn't recognized during the loading
process (starting of libvirtd), attempting to get a value for the UUID resulted
in an undefined error. This patch resolves the issue by checking the size of
the file and ensuring that the stored value is as expected (NULL).
Signed-off-by: Adam Julis <ajulis@redhat.com>
---
src/conf/virsecretobj.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c
index 455798d414..66270e2751 100644
--- a/src/conf/virsecretobj.c
+++ b/src/conf/virsecretobj.c
@@ -836,6 +836,11 @@ virSecretLoadValue(virSecretObj *obj)
goto cleanup;
}
+ if (st.st_size < 1) {
+ ret = 0;
+ goto cleanup;
+ }
+
contents = g_new0(char, st.st_size + 1);
if (saferead(fd, contents, st.st_size) != st.st_size) {
--
2.47.1
© 2016 - 2025 Red Hat, Inc.