From fa5b4100c32d3125eeb0d6b0024892af86ecddb0 Mon Sep 17 00:00:00 2001 Message-Id: From: =?UTF-8?q?J=C3=A1n=20Tomko?= Date: Tue, 29 Sep 2020 14:43:03 +0200 Subject: [PATCH] rpc: gendispatch: handle empty flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CVE-2020-25637 Prepare for omission of the in remote_protocol.x @acl annotations: @acl: :: so that we can add more fields after, e.g.: @acl: ::: Signed-off-by: Ján Tomko (cherry picked from commit 955029bd0ad7ef96000f529ac38204a8f4a96401) Signed-off-by: Ján Tomko Message-Id: <5fda9fc6cfe45eace10b8c2565a8b0c46b51f46c.1601383236.git.jtomko@redhat.com> Reviewed-by: Jiri Denemark --- src/rpc/gendispatch.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl index 8656c8f205..4cb9701e59 100755 --- a/src/rpc/gendispatch.pl +++ b/src/rpc/gendispatch.pl @@ -2112,7 +2112,7 @@ elsif ($mode eq "client") { if ($acl[$i]->{object} ne $acl[0]->{object}) { die "acl for '$call->{ProcName}' cannot check different objects"; } - if (defined $acl[$i]->{flags}) { + if (defined $acl[$i]->{flags} && length $acl[$i]->{flags}) { $checkflags = 1; } } @@ -2200,7 +2200,7 @@ elsif ($mode eq "client") { my $method = "virAccessManagerCheck" . $object; my $space = ' ' x length($method); print " if ("; - if (defined $acl->{flags}) { + if (defined $acl->{flags} && length $acl->{flags}) { my $flags = $acl->{flags}; if ($flags =~ /^\!/) { $flags = substr $flags, 1; -- 2.28.0