File 79552754-libvirtd-chardev-crash.patch of Package libvirt.openSUSE_13.1_Update
commit 795527548fea79902ea4ce32747e069944cf3e61
Author: Peter Krempa <pkrempa@redhat.com>
Date: Thu Sep 26 08:12:39 2013 +0200
conf: Don't crash on invalid chardev source definition of RNGs and other
Since commit 297c99a5 an invalid source definition XML of a character
device that is used as backend for RNG devices, smartcards and redirdevs
causes crash of the daemon when parsing such a definition.
The device types mentioned above are not a part of a regular character
device but are backends for other types. Thus when parsing such device
NULL is passed as the argument @chr_def. Later when checking the
validity of the definition @chr_def was dereferenced when parsing a UNIX
socket backend with missing path of the socket and crashed the daemon.
Sample offending configuration:
<devices>
...
<rng model='virtio'>
<backend model='egd' type='unix'>
<source mode='bind' service='1024'/>
</backend>
</rng>
</devices>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196
Index: libvirt-1.1.2/src/conf/domain_conf.c
===================================================================
--- libvirt-1.1.2.orig/src/conf/domain_conf.c
+++ libvirt-1.1.2/src/conf/domain_conf.c
@@ -7026,7 +7026,8 @@ virDomainChrSourceDefParseXML(virDomainC
case VIR_DOMAIN_CHR_TYPE_UNIX:
/* path can be auto generated */
if (!path &&
- chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO) {
+ (!chr_def ||
+ chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Missing source path attribute for char device"));
goto error;
Index: libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
===================================================================
--- /dev/null
+++ libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
@@ -0,0 +1,27 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <controller type='usb' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <memballoon model='virtio'/>
+ <rng model='virtio'>
+ <backend model='egd' type='unix'>
+ <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1012196 -->
+ <source mode='connect' host='1.2.3.4' service='1234'/>
+ </backend>
+ </rng>
+ </devices>
+</domain>
Index: libvirt-1.1.2/tests/qemuxml2argvtest.c
===================================================================
--- libvirt-1.1.2.orig/tests/qemuxml2argvtest.c
+++ libvirt-1.1.2/tests/qemuxml2argvtest.c
@@ -973,6 +973,8 @@ mymain(void)
QEMU_CAPS_OBJECT_RNG_RANDOM);
DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
QEMU_CAPS_OBJECT_RNG_EGD);
+ DO_TEST_PARSE_ERROR("virtio-rng-egd-crash", QEMU_CAPS_DEVICE,
+ QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD);
DO_TEST("virtio-rng-ccw",
QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG,
QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW,
