* [PATCH for-5.2? 0/2] authz: Add missing NULL checks
@ 2020-11-17 16:30 Kevin Wolf
2020-11-17 16:30 ` [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set Kevin Wolf
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Kevin Wolf @ 2020-11-17 16:30 UTC (permalink / raw)
To: qemu-devel; +Cc: kwolf, berrange
While trying to write a QAPI schema for user creatable object types, I
have to figure out whether properties are mandatory or options.
Turns out that some authz object types have properties that should be
mandatory because the code assumes they are non-NULL, but we never check
that they are actually given.
Kevin Wolf (2):
authz-pam: Check that 'service' property is set
authz-simple: Check that 'identity' property is set
authz/pamacct.c | 6 ++++++
authz/simple.c | 14 ++++++++++++++
2 files changed, 20 insertions(+)
--
2.28.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set
2020-11-17 16:30 [PATCH for-5.2? 0/2] authz: Add missing NULL checks Kevin Wolf
@ 2020-11-17 16:30 ` Kevin Wolf
2020-11-17 16:38 ` Daniel P. Berrangé
2020-11-17 18:00 ` Philippe Mathieu-Daudé
2020-11-17 16:30 ` [PATCH for-5.2? 2/2] authz-simple: Check that 'identity' " Kevin Wolf
2020-11-17 16:44 ` [PATCH for-5.2? 0/2] authz: Add missing NULL checks Daniel P. Berrangé
2 siblings, 2 replies; 8+ messages in thread
From: Kevin Wolf @ 2020-11-17 16:30 UTC (permalink / raw)
To: qemu-devel; +Cc: kwolf, berrange
If the 'service' property is not set, we'll call pam_start() with a NULL
pointer for the service name. This fails and leaves a message like this
in the syslog:
qemu-storage-daemon[294015]: PAM pam_start: invalid argument: service == NULL
Make specifying the property mandatory and catch the error already
during the creation of the object.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
authz/pamacct.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/authz/pamacct.c b/authz/pamacct.c
index e67195f7be..c862d9ff39 100644
--- a/authz/pamacct.c
+++ b/authz/pamacct.c
@@ -84,6 +84,12 @@ qauthz_pam_prop_get_service(Object *obj,
static void
qauthz_pam_complete(UserCreatable *uc, Error **errp)
{
+ QAuthZPAM *pauthz = QAUTHZ_PAM(uc);
+
+ if (!pauthz->service) {
+ error_setg(errp, "The 'service' property must be set");
+ return;
+ }
}
--
2.28.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH for-5.2? 2/2] authz-simple: Check that 'identity' property is set
2020-11-17 16:30 [PATCH for-5.2? 0/2] authz: Add missing NULL checks Kevin Wolf
2020-11-17 16:30 ` [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set Kevin Wolf
@ 2020-11-17 16:30 ` Kevin Wolf
2020-11-17 16:38 ` Daniel P. Berrangé
2020-11-17 18:01 ` Philippe Mathieu-Daudé
2020-11-17 16:44 ` [PATCH for-5.2? 0/2] authz: Add missing NULL checks Daniel P. Berrangé
2 siblings, 2 replies; 8+ messages in thread
From: Kevin Wolf @ 2020-11-17 16:30 UTC (permalink / raw)
To: qemu-devel; +Cc: kwolf, berrange
If the 'identify' property is not set, we'll pass a NULL pointer to
g_str_equal() and crash. Catch the error condition during the creation
of the object.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
authz/simple.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/authz/simple.c b/authz/simple.c
index 18db0355f4..0597dcd8ea 100644
--- a/authz/simple.c
+++ b/authz/simple.c
@@ -65,11 +65,25 @@ qauthz_simple_finalize(Object *obj)
}
+static void
+qauthz_simple_complete(UserCreatable *uc, Error **errp)
+{
+ QAuthZSimple *sauthz = QAUTHZ_SIMPLE(uc);
+
+ if (!sauthz->identity) {
+ error_setg(errp, "The 'identity' property must be set");
+ return;
+ }
+}
+
+
static void
qauthz_simple_class_init(ObjectClass *oc, void *data)
{
QAuthZClass *authz = QAUTHZ_CLASS(oc);
+ UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
+ ucc->complete = qauthz_simple_complete;
authz->is_allowed = qauthz_simple_is_allowed;
object_class_property_add_str(oc, "identity",
--
2.28.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set
2020-11-17 16:30 ` [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set Kevin Wolf
@ 2020-11-17 16:38 ` Daniel P. Berrangé
2020-11-17 18:00 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 8+ messages in thread
From: Daniel P. Berrangé @ 2020-11-17 16:38 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-devel
On Tue, Nov 17, 2020 at 05:30:44PM +0100, Kevin Wolf wrote:
> If the 'service' property is not set, we'll call pam_start() with a NULL
> pointer for the service name. This fails and leaves a message like this
> in the syslog:
>
> qemu-storage-daemon[294015]: PAM pam_start: invalid argument: service == NULL
>
> Make specifying the property mandatory and catch the error already
> during the creation of the object.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> authz/pamacct.c | 6 ++++++
> 1 file changed, 6 insertions(+)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH for-5.2? 2/2] authz-simple: Check that 'identity' property is set
2020-11-17 16:30 ` [PATCH for-5.2? 2/2] authz-simple: Check that 'identity' " Kevin Wolf
@ 2020-11-17 16:38 ` Daniel P. Berrangé
2020-11-17 18:01 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 8+ messages in thread
From: Daniel P. Berrangé @ 2020-11-17 16:38 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-devel
On Tue, Nov 17, 2020 at 05:30:45PM +0100, Kevin Wolf wrote:
> If the 'identify' property is not set, we'll pass a NULL pointer to
> g_str_equal() and crash. Catch the error condition during the creation
> of the object.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> authz/simple.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH for-5.2? 0/2] authz: Add missing NULL checks
2020-11-17 16:30 [PATCH for-5.2? 0/2] authz: Add missing NULL checks Kevin Wolf
2020-11-17 16:30 ` [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set Kevin Wolf
2020-11-17 16:30 ` [PATCH for-5.2? 2/2] authz-simple: Check that 'identity' " Kevin Wolf
@ 2020-11-17 16:44 ` Daniel P. Berrangé
2 siblings, 0 replies; 8+ messages in thread
From: Daniel P. Berrangé @ 2020-11-17 16:44 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-devel
On Tue, Nov 17, 2020 at 05:30:43PM +0100, Kevin Wolf wrote:
> While trying to write a QAPI schema for user creatable object types, I
> have to figure out whether properties are mandatory or options.
>
> Turns out that some authz object types have properties that should be
> mandatory because the code assumes they are non-NULL, but we never check
> that they are actually given.
Hmm, avoiding manual code to check for mandatory options will be a
nice plus point of using QAPI
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set
2020-11-17 16:30 ` [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set Kevin Wolf
2020-11-17 16:38 ` Daniel P. Berrangé
@ 2020-11-17 18:00 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-11-17 18:00 UTC (permalink / raw)
To: Kevin Wolf, qemu-devel; +Cc: berrange
On 11/17/20 5:30 PM, Kevin Wolf wrote:
> If the 'service' property is not set, we'll call pam_start() with a NULL
> pointer for the service name. This fails and leaves a message like this
> in the syslog:
>
> qemu-storage-daemon[294015]: PAM pam_start: invalid argument: service == NULL
>
> Make specifying the property mandatory and catch the error already
> during the creation of the object.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> authz/pamacct.c | 6 ++++++
> 1 file changed, 6 insertions(+)
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH for-5.2? 2/2] authz-simple: Check that 'identity' property is set
2020-11-17 16:30 ` [PATCH for-5.2? 2/2] authz-simple: Check that 'identity' " Kevin Wolf
2020-11-17 16:38 ` Daniel P. Berrangé
@ 2020-11-17 18:01 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-11-17 18:01 UTC (permalink / raw)
To: Kevin Wolf, qemu-devel; +Cc: berrange
On 11/17/20 5:30 PM, Kevin Wolf wrote:
> If the 'identify' property is not set, we'll pass a NULL pointer to
> g_str_equal() and crash. Catch the error condition during the creation
> of the object.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> authz/simple.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-11-17 18:03 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-17 16:30 [PATCH for-5.2? 0/2] authz: Add missing NULL checks Kevin Wolf
2020-11-17 16:30 ` [PATCH for-5.2? 1/2] authz-pam: Check that 'service' property is set Kevin Wolf
2020-11-17 16:38 ` Daniel P. Berrangé
2020-11-17 18:00 ` Philippe Mathieu-Daudé
2020-11-17 16:30 ` [PATCH for-5.2? 2/2] authz-simple: Check that 'identity' " Kevin Wolf
2020-11-17 16:38 ` Daniel P. Berrangé
2020-11-17 18:01 ` Philippe Mathieu-Daudé
2020-11-17 16:44 ` [PATCH for-5.2? 0/2] authz: Add missing NULL checks Daniel P. Berrangé
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.