From 36aee593bc39f846ebc10f54fd12f8a51d211d09 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@fedoraproject.org>
Date: Jul 03 2009 10:08:42 +0000
Subject: * Fri Jul  3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-4.fc12

- Fix libvirtd crash with bad capabilities data (bug #505635)

---

diff --git a/libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch b/libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch
new file mode 100644
index 0000000..c39447a
--- /dev/null
+++ b/libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch
@@ -0,0 +1,130 @@
+From 80965bff6d46dea1808c8bbf02f50f0e289a0e65 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 29 Jun 2009 10:41:56 +0000
+Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data
+
+---
+ src/qemu_driver.c |   80 +++++++++++++++++++++++++++++++++++-----------------
+ 1 files changed, 54 insertions(+), 26 deletions(-)
+
+diff -up libvirt-0.6.2/src/qemu_driver.c.bad-caps libvirt-0.6.2/src/qemu_driver.c
+--- libvirt-0.6.2/src/qemu_driver.c.bad-caps	2009-07-03 10:07:03.275252815 +0100
++++ libvirt-0.6.2/src/qemu_driver.c	2009-07-03 10:08:52.143502961 +0100
+@@ -360,12 +360,43 @@ next:
+     return 0;
+ }
+ 
++
++static int
++qemudSecurityCapsInit(virSecurityDriverPtr secdrv,
++                      virCapsPtr caps)
++{
++    const char *doi, *model;
++
++    doi = virSecurityDriverGetDOI(secdrv);
++    model = virSecurityDriverGetModel(secdrv);
++
++    caps->host.secModel.model = strdup(model);
++    if (!caps->host.secModel.model) {
++        char ebuf[1024];
++        VIR_ERROR(_("Failed to copy secModel model: %s"),
++                  virStrerror(errno, ebuf, sizeof ebuf));
++        return -1;
++    }
++
++    caps->host.secModel.doi = strdup(doi);
++    if (!caps->host.secModel.doi) {
++        char ebuf[1024];
++        VIR_ERROR(_("Failed to copy secModel DOI: %s"),
++                  virStrerror(errno, ebuf, sizeof ebuf));
++        return -1;
++    }
++
++    VIR_DEBUG("Initialized caps for security driver \"%s\" with "
++              "DOI \"%s\"", model, doi);
++
++    return 0;
++}
++
++
+ static int
+ qemudSecurityInit(struct qemud_driver *qemud_drv)
+ {
+     int ret;
+-    const char *doi, *model;
+-    virCapsPtr caps;
+     virSecurityDriverPtr security_drv;
+ 
+     ret = virSecurityDriverStartup(&security_drv,
+@@ -381,36 +412,17 @@ qemudSecurityInit(struct qemud_driver *q
+     }
+ 
+     qemud_drv->securityDriver = security_drv;
+-    doi = virSecurityDriverGetDOI(security_drv);
+-    model = virSecurityDriverGetModel(security_drv);
+ 
+-    VIR_DEBUG("Initialized security driver \"%s\" with "
+-              "DOI \"%s\"", model, doi);
++    VIR_INFO("Initialized security driver %s", security_drv->name);
+ 
+     /*
+      * Add security policy host caps now that the security driver is
+      * initialized.
+      */
+-    caps = qemud_drv->caps;
+-
+-    caps->host.secModel.model = strdup(model);
+-    if (!caps->host.secModel.model) {
+-        char ebuf[1024];
+-        VIR_ERROR(_("Failed to copy secModel model: %s"),
+-                  virStrerror(errno, ebuf, sizeof ebuf));
+-        return -1;
+-    }
++    return qemudSecurityCapsInit(security_drv, qemud_drv->caps);
++}
+ 
+-    caps->host.secModel.doi = strdup(doi);
+-    if (!caps->host.secModel.doi) {
+-        char ebuf[1024];
+-        VIR_ERROR(_("Failed to copy secModel DOI: %s"),
+-                  virStrerror(errno, ebuf, sizeof ebuf));
+-        return -1;
+-    }
+ 
+-    return 0;
+-}
+ 
+ /**
+  * qemudStartup:
+@@ -1852,13 +1864,29 @@ static int qemudGetNodeInfo(virConnectPt
+ 
+ static char *qemudGetCapabilities(virConnectPtr conn) {
+     struct qemud_driver *driver = conn->privateData;
++    virCapsPtr caps;
+     char *xml = NULL;
+ 
+     qemuDriverLock(driver);
++    if ((caps = qemudCapsInit()) == NULL) {
++        virReportOOMError(conn);
++        goto cleanup;
++    }
++
++    if (qemu_driver->securityDriver &&
++        qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) {
++        virCapabilitiesFree(caps);
++        virReportOOMError(conn);
++        goto cleanup;
++    }
++
+     virCapabilitiesFree(qemu_driver->caps);
+-    if ((qemu_driver->caps = qemudCapsInit()) == NULL ||
+-        (xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
++    qemu_driver->caps = caps;
++
++    if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
+         virReportOOMError(conn);
++
++cleanup:
+     qemuDriverUnlock(driver);
+ 
+     return xml;
diff --git a/libvirt.spec b/libvirt.spec
index 4b8eea4..3c20452 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -55,7 +55,7 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.6.4
-Release: 3%{?dist}%{?extra_release}
+Release: 4%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: libvirt-%{version}.tar.gz
@@ -66,6 +66,8 @@ Patch1: libvirt-0.6.4-shared-readonly-label.patch
 Patch2: libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch
 # Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)
 Patch3: libvirt-0.6.4-fix-nosource-label.patch
+# Fix libvirtd crash with bad capabilities data (bug #505635)
+Patch4 :libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch
 
 # Temporary hack till PulseAudio autostart problems are sorted
 # out when SELinux enforcing (bz 486112)
@@ -220,6 +222,7 @@ of recent versions of Linux (and other OSes).
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %patch200 -p0
 
@@ -550,6 +553,9 @@ fi
 %endif
 
 %changelog
+* Fri Jul  3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-4.fc12
+- Fix libvirtd crash with bad capabilities data (bug #505635)
+
 * Fri Jul  3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-3.fc12
 - Handle shared/readonly image labelling (bug #493692)
 - Don't unnecessarily try to change a file context (bug #507555)