[PATCH] virtiofsd: Fix security.capability comparison

Dr. David Alan Gilbert (git) posted 1 patch 2 years, 12 months ago
Test checkpatch passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20210401145845.78445-1-dgilbert@redhat.com
Maintainers: Stefan Hajnoczi <stefanha@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>
tools/virtiofsd/passthrough_ll.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
[PATCH] virtiofsd: Fix security.capability comparison
Posted by Dr. David Alan Gilbert (git) 2 years, 12 months ago
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>

My security fix for the security.capability remap has a silly early
segfault in a simple case where there is an xattrmapping but it doesn't
remap the securty.capability.

Fixes: e586edcb41054 ("virtiofs: drop remapped security.capability xattr as needed")
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
 tools/virtiofsd/passthrough_ll.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index b144320e48..1553d2ef45 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2636,7 +2636,8 @@ static void parse_xattrmap(struct lo_data *lo)
                 strerror(ret));
         exit(1);
     }
-    if (!strcmp(lo->xattr_security_capability, "security.capability")) {
+    if (!lo->xattr_security_capability ||
+        !strcmp(lo->xattr_security_capability, "security.capability")) {
         /* 1-1 mapping, don't need to do anything */
         free(lo->xattr_security_capability);
         lo->xattr_security_capability = NULL;
-- 
2.31.1


Re: [Virtio-fs] [PATCH] virtiofsd: Fix security.capability comparison
Posted by Connor Kuehl 2 years, 12 months ago
On 4/1/21 9:58 AM, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> 
> My security fix for the security.capability remap has a silly early
> segfault in a simple case where there is an xattrmapping but it doesn't
> remap the securty.capability.

s/securty/security

> 
> Fixes: e586edcb41054 ("virtiofs: drop remapped security.capability xattr as needed")
> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

Reviewed-by: Connor Kuehl <ckuehl@redhat.com>

> ---
>   tools/virtiofsd/passthrough_ll.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index b144320e48..1553d2ef45 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -2636,7 +2636,8 @@ static void parse_xattrmap(struct lo_data *lo)
>                   strerror(ret));
>           exit(1);
>       }
> -    if (!strcmp(lo->xattr_security_capability, "security.capability")) {
> +    if (!lo->xattr_security_capability ||
> +        !strcmp(lo->xattr_security_capability, "security.capability")) {
>           /* 1-1 mapping, don't need to do anything */
>           free(lo->xattr_security_capability);
>           lo->xattr_security_capability = NULL;
>