git.proxmox.com Git - mirror

author	Markus Armbruster <armbru@redhat.com>
	Mon, 6 Mar 2017 19:00:35 +0000 (20:00 +0100)
committer	Kevin Wolf <kwolf@redhat.com>
	Tue, 7 Mar 2017 13:53:28 +0000 (14:53 +0100)
commit	cbc488ee2aaad06e7ef69936788e0dbd204cf0a0
tree	aa62dd606530d1e00c3776b7ebb34f0979f4df87	tree
parent	5fe31c25cce3b09e989e40439667cd4961aba969	commit \| diff

sheepdog: Defuse time bomb in sd_open() error handling

When qemu_opts_absorb_qdict() fails, sd_open() closes stdin, because
sd->fd is still zero. Fortunately, qemu_opts_absorb_qdict() can't
fail, because:

1. it only fails when qemu_opt_parse() fails, and
2. the only member of runtime_opts.desc[] is a QEMU_OPT_STRING, and
3. qemu_opt_parse() can't fail for QEMU_OPT_STRING.

Defuse this ticking time bomb by jumping behind the file descriptor
cleanup on error.

Also do that for the error paths where sd->fd is still -1. The file
descriptor cleanup happens to do nothing then, but let's not rely on
that here.

While there, rename label out to err, because it's on the error path,
not the normal path out of the function.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>