From 31c698d76d9c044a2bc19ba6f22fd82f1a451468 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 18 Jan 2011 18:01:10 +0000
Subject: [PATCH] Avoid crash in security driver if model is NULL

If the XML security model is NULL, it is assumed that the current
model will be used with dynamic labelling. The verify step is
meaningless and potentially crashes if dereferencing NULL

* src/security/security_manager.c: Skip NULL model on verify
---
 src/security/security_manager.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 66cffb5be5..6406161cfa 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -309,6 +309,14 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
 int virSecurityManagerVerify(virSecurityManagerPtr mgr,
                              virDomainDefPtr def)
 {
+    const virSecurityLabelDefPtr secdef = &def->seclabel;
+    /* NULL model == dynamic labelling, with whatever driver
+     * is active, so we can short circuit verify check to
+     * avoid drivers de-referencing NULLs by accident
+     */
+    if (!secdef->model)
+        return 0;
+
     if (mgr->drv->domainSecurityVerify)
         return mgr->drv->domainSecurityVerify(mgr, def);