From: Michal Privoznik <mpriv...@redhat.com>

Inside of get_files() there are two cases where vah_add_file() is
not checked for its retval. This is possibly dangerous, because
vah_add_file() might fail. Fix those places by introducing checks
for the retval.

Signed-off-by: Michal Privoznik <mpriv...@redhat.com>
---
 src/security/virt-aa-helper.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 2ea4b47fa5..7748a0d19b 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1022,15 +1022,17 @@ get_files(vahControl * ctl)
         const char *rendernode = virDomainGraphicsGetRenderNode(graphics);
 
         if (rendernode) {
-            vah_add_file(&buf, rendernode, "rw");
+            if (vah_add_file(&buf, rendernode, "rw") != 0)
+                goto cleanup;
             needsgl = true;
         } else {
             if (virDomainGraphicsNeedsAutoRenderNode(graphics)) {
                 g_autofree char *defaultRenderNode = virHostGetDRMRenderNode();
                 needsgl = true;
 
-                if (defaultRenderNode) {
-                    vah_add_file(&buf, defaultRenderNode, "rw");
+                if (defaultRenderNode &&
+                    vah_add_file(&buf, defaultRenderNode, "rw") != 0) {
+                    goto cleanup;
                 }
             }
         }
-- 
2.49.0

Reply via email to