From 03876cf506dff07d56cb0b4baec316e9f7c052e0 Mon Sep 17 00:00:00 2001 From: John Ferlan Date: Wed, 7 Dec 2016 08:10:30 -0500 Subject: [PATCH] nss: Need to check error condition on virJSONValueArraySize If the 'nleases < 0' on return, then the subsequent call to findLeaseInJSON will not produce the expected results (passed in as a size_t, but nleases is a ssize_t). So check if the returned value < 0 and if so, goto cleanup. Found by Coverity as a NEGATIVE_RETURNS event --- tools/nss/libvirt_nss.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index 418c11fafe..b69e62c8b1 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -309,7 +309,8 @@ findLease(const char *name, } VIR_DIR_CLOSE(dir); - nleases = virJSONValueArraySize(leases_array); + if ((nleases = virJSONValueArraySize(leases_array)) < 0) + goto cleanup; DEBUG("Read %zd leases", nleases); #if !defined(LIBVIRT_NSS_GUEST)