nwfilter: don't crash listing filters in unprivileged daemon

The unprivileged libvirtd does not support nwfilter config, by leaves the
driver active. It is supposed to result in all APIs being an effective
no-op, but several APIs rely on driver->nwfilters being non-NULL, or they
will reference a NULL pointer. Rather than adding checks for NULL in many
places, just make sure  driver->nwfilters is always initialized.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 2f9a51c405a39e499eed03b7eae71a99e83c224f..885dbcc282f178f0931ab29e87a387c582594df6 100644 (file)
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -189,6 +189,8 @@ nwfilterStateInitialize(bool privileged,
     /* remember that we are going to use firewalld */
     driver->watchingFirewallD = (sysbus != NULL);
     driver->privileged = privileged;
+    if (!(driver->nwfilters = virNWFilterObjListNew()))
+        goto error;
 
     if (!privileged)
         return 0;
@@ -244,9 +246,6 @@ nwfilterStateInitialize(bool privileged,
         goto error;
     }
 
-    if (!(driver->nwfilters = virNWFilterObjListNew()))
-        goto error;
-
     if (virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir) < 0)
         goto error;
 
@@ -271,6 +270,7 @@ nwfilterStateInitialize(bool privileged,
     virNWFilterIPAddrMapShutdown();
 
  err_free_driverstate:
+    virNWFilterObjListFree(driver->nwfilters);
     VIR_FREE(driver);
 
     return -1;
@@ -349,13 +349,13 @@ nwfilterStateCleanup(void)
 
         nwfilterDriverRemoveDBusMatches();
 
-        /* free inactive nwfilters */
-        virNWFilterObjListFree(driver->nwfilters);
-
         VIR_FREE(driver->configDir);
         nwfilterDriverUnlock();
     }
 
+    /* free inactive nwfilters */
+    virNWFilterObjListFree(driver->nwfilters);
+
     virMutexDestroy(&driver->lock);
     VIR_FREE(driver);