Bug 1249511
| Summary: | Calling "PyList_Append" without checking return value | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jiri Denemark <jdenemar> |
| Component: | libvirt-python | Assignee: | Jiri Denemark <jdenemar> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.1 | CC: | dyuan, honzhang, lhuang, mzhan, weizhan |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-python-1.2.17-2.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-11-19 05:35:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jiri Denemark
2015-08-03 08:24:22 UTC
Patch sent upstream for review: https://www.redhat.com/archives/libvir-list/2015-August/msg00026.html Verify this bug via check the code, and make sure the function works well:
1.
# rpm -q libvirt-python-debuginfo
libvirt-python-debuginfo-1.2.17-2.el7.x86_64
# rpm -q libvirt-python
libvirt-python-1.2.17-2.el7.x86_64
2.
check the debuginfo in /usr/src/debug/:
static PyObject *
libvirt_virDomainGetSecurityLabelList(PyObject *self ATTRIBUTE_UNUSED,
PyObject *args)
{
PyObject *py_retval;
int c_retval;
virDomainPtr dom;
PyObject *pyobj_dom;
virSecurityLabel *labels = NULL;
size_t i;
if (!PyArg_ParseTuple(args, (char *)"O:virDomainGetSecurityLabel", &pyobj_dom))
return NULL;
dom = (virDomainPtr) PyvirDomain_Get(pyobj_dom);
LIBVIRT_BEGIN_ALLOW_THREADS;
c_retval = virDomainGetSecurityLabelList(dom, &labels);
LIBVIRT_END_ALLOW_THREADS;
if (c_retval < 0)
return VIR_PY_NONE;
if (!(py_retval = PyList_New(0)))
goto error;
for (i = 0 ; i < c_retval ; i++) {
PyObject *entry;
PyObject *value;
if (!(entry = PyList_New(2)) ||
PyList_Append(py_retval, entry) < 0) {
Py_XDECREF(entry);
goto error;
}
if (!(value = libvirt_constcharPtrWrap(&labels[i].label[0])) ||
PyList_SetItem(entry, 0, value) < 0) {
Py_XDECREF(value);
goto error;
}
if (!(value = libvirt_boolWrap(labels[i].enforcing)) ||
PyList_SetItem(entry, 1, value) < 0) {
Py_XDECREF(value);
goto error;
}
}
cleanup:
VIR_FREE(labels);
return py_retval;
error:
Py_XDECREF(py_retval);
py_retval = NULL;
goto cleanup;
}
3. test securityLabelList (but i don't think show not enforcing DAC is good):
# python
Python 2.7.5 (default, Sep 4 2014, 05:34:58)
[GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> conn=libvirt.open()
>>> dom=conn.lookupByName("r7")
>>> dom.securityLabelList()
[]
>>> dom.create()
0
>>> dom.securityLabelList()
[['system_u:system_r:svirt_t:s0:c405,c951', True], ['+107:+107', False]]
# ps auxZ|grep r7
system_u:system_r:svirt_t:s0:c405,c951 qemu 8525 41.5 8.6 1741380 611760 ? ...
# cat /proc/8525/status |grep -A 1 Uid
Uid: 107 107 107 107
Gid: 107 107 107 107
# getenforce
Enforcing
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2203.html |