Bug 1249511
Summary: | Calling "PyList_Append" without checking return value | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jiri Denemark <jdenemar> |
Component: | libvirt-python | Assignee: | Jiri Denemark <jdenemar> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.1 | CC: | dyuan, honzhang, lhuang, mzhan, weizhan |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-python-1.2.17-2.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-19 05:35:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jiri Denemark
2015-08-03 08:24:22 UTC
Patch sent upstream for review: https://www.redhat.com/archives/libvir-list/2015-August/msg00026.html Verify this bug via check the code, and make sure the function works well: 1. # rpm -q libvirt-python-debuginfo libvirt-python-debuginfo-1.2.17-2.el7.x86_64 # rpm -q libvirt-python libvirt-python-1.2.17-2.el7.x86_64 2. check the debuginfo in /usr/src/debug/: static PyObject * libvirt_virDomainGetSecurityLabelList(PyObject *self ATTRIBUTE_UNUSED, PyObject *args) { PyObject *py_retval; int c_retval; virDomainPtr dom; PyObject *pyobj_dom; virSecurityLabel *labels = NULL; size_t i; if (!PyArg_ParseTuple(args, (char *)"O:virDomainGetSecurityLabel", &pyobj_dom)) return NULL; dom = (virDomainPtr) PyvirDomain_Get(pyobj_dom); LIBVIRT_BEGIN_ALLOW_THREADS; c_retval = virDomainGetSecurityLabelList(dom, &labels); LIBVIRT_END_ALLOW_THREADS; if (c_retval < 0) return VIR_PY_NONE; if (!(py_retval = PyList_New(0))) goto error; for (i = 0 ; i < c_retval ; i++) { PyObject *entry; PyObject *value; if (!(entry = PyList_New(2)) || PyList_Append(py_retval, entry) < 0) { Py_XDECREF(entry); goto error; } if (!(value = libvirt_constcharPtrWrap(&labels[i].label[0])) || PyList_SetItem(entry, 0, value) < 0) { Py_XDECREF(value); goto error; } if (!(value = libvirt_boolWrap(labels[i].enforcing)) || PyList_SetItem(entry, 1, value) < 0) { Py_XDECREF(value); goto error; } } cleanup: VIR_FREE(labels); return py_retval; error: Py_XDECREF(py_retval); py_retval = NULL; goto cleanup; } 3. test securityLabelList (but i don't think show not enforcing DAC is good): # python Python 2.7.5 (default, Sep 4 2014, 05:34:58) [GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import libvirt >>> conn=libvirt.open() >>> dom=conn.lookupByName("r7") >>> dom.securityLabelList() [] >>> dom.create() 0 >>> dom.securityLabelList() [['system_u:system_r:svirt_t:s0:c405,c951', True], ['+107:+107', False]] # ps auxZ|grep r7 system_u:system_r:svirt_t:s0:c405,c951 qemu 8525 41.5 8.6 1741380 611760 ? ... # cat /proc/8525/status |grep -A 1 Uid Uid: 107 107 107 107 Gid: 107 107 107 107 # getenforce Enforcing Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2203.html |