|
|
05bba0 |
From 81278fd6c82c8a1c22c65f1ae1ea048d2473dbfe Mon Sep 17 00:00:00 2001
|
|
|
05bba0 |
From: Markus Armbruster <armbru@redhat.com>
|
|
|
05bba0 |
Date: Tue, 8 Sep 2015 18:06:24 +0200
|
|
|
05bba0 |
Subject: [PATCH 6/7] util/uri: URI member path can be null, compare more
|
|
|
05bba0 |
carfully
|
|
|
05bba0 |
|
|
|
05bba0 |
Message-id: <1441735585-23432-7-git-send-email-armbru@redhat.com>
|
|
|
05bba0 |
Patchwork-id: 67709
|
|
|
05bba0 |
O-Subject: [RHEL-7.2 qemu-kvm PATCH 6/7] util/uri: URI member path can be null, compare more carfully
|
|
|
05bba0 |
Bugzilla: 1218919
|
|
|
05bba0 |
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
05bba0 |
RH-Acked-by: Fam Zheng <famz@redhat.com>
|
|
|
05bba0 |
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
|
05bba0 |
|
|
|
05bba0 |
uri_resolve_relative() calls strcmp(bas->path, ref->path). However,
|
|
|
05bba0 |
either argument could be null! Evidence: the code checks for null
|
|
|
05bba0 |
after the comparison. Spotted by Coverity.
|
|
|
05bba0 |
|
|
|
05bba0 |
I suspect this was screwed up when we stole the code from libxml2.
|
|
|
05bba0 |
There the conditional reads
|
|
|
05bba0 |
|
|
|
05bba0 |
xmlStrEqual((xmlChar *)bas->path, (xmlChar *)ref->path)
|
|
|
05bba0 |
|
|
|
05bba0 |
with
|
|
|
05bba0 |
|
|
|
05bba0 |
int
|
|
|
05bba0 |
xmlStrEqual(const xmlChar *str1, const xmlChar *str2) {
|
|
|
05bba0 |
if (str1 == str2) return(1);
|
|
|
05bba0 |
if (str1 == NULL) return(0);
|
|
|
05bba0 |
if (str2 == NULL) return(0);
|
|
|
05bba0 |
do {
|
|
|
05bba0 |
if (*str1++ != *str2) return(0);
|
|
|
05bba0 |
} while (*str2++);
|
|
|
05bba0 |
return(1);
|
|
|
05bba0 |
}
|
|
|
05bba0 |
|
|
|
05bba0 |
Fix by replicating libxml2's logic faithfully.
|
|
|
05bba0 |
|
|
|
05bba0 |
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
05bba0 |
Signed-off-by: Markus Armbruster <armbru@redhat.com>
|
|
|
05bba0 |
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
|
|
|
05bba0 |
(cherry picked from commit afb30dde3ad71349fc65726946d58e5d3c61f8af)
|
|
|
05bba0 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
05bba0 |
|
|
|
05bba0 |
util/uri.c | 3 ++-
|
|
|
05bba0 |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
05bba0 |
|
|
|
05bba0 |
diff
|
|
|
05bba0 |
index b9a7b54..1cfd78b 100644
|
|
|
05bba0 |
|
|
|
05bba0 |
|
|
|
05bba0 |
@@ -1935,7 +1935,8 @@ uri_resolve_relative (const char *uri, const char * base)
|
|
|
05bba0 |
val = g_strdup (uri);
|
|
|
05bba0 |
goto done;
|
|
|
05bba0 |
}
|
|
|
05bba0 |
- if (!strcmp(bas->path, ref->path)) {
|
|
|
05bba0 |
+ if (bas->path == ref->path ||
|
|
|
05bba0 |
+ (bas->path && ref->path && !strcmp(bas->path, ref->path))) {
|
|
|
05bba0 |
val = g_strdup("");
|
|
|
05bba0 |
goto done;
|
|
|
05bba0 |
}
|
|
|
05bba0 |
--
|
|
|
05bba0 |
1.8.3.1
|
|
|
05bba0 |
|