From 75e656a363f649309fc5647c1fd402f852ef16dd Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Thu, 7 Mar 2013 11:50:14 +0000
Subject: [PATCH] Fix crash parsing RNG device specification

Code that validates the whitelist for the RNG device filename
didn't account for fact that filename may be NULL. This led
to a NULL reference crash. This wasn't caught since the test
suite was not covering this XML syntax

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 src/conf/domain_conf.c                        |  3 ++-
 .../qemuxml2argv-virtio-rng-default.args      |  6 +++++
 .../qemuxml2argv-virtio-rng-default.xml       | 23 +++++++++++++++++++
 tests/qemuxml2argvtest.c                      |  2 ++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 739bd72ceb..717fc206e7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7424,7 +7424,8 @@ virDomainRNGDefParseXML(const xmlNodePtr node,
     switch ((enum virDomainRNGBackend) def->backend) {
     case VIR_DOMAIN_RNG_BACKEND_RANDOM:
         def->source.file = virXPathString("string(./backend)", ctxt);
-        if (STRNEQ(def->source.file, "/dev/random") &&
+        if (def->source.file &&
+            STRNEQ(def->source.file, "/dev/random") &&
             STRNEQ(def->source.file, "/dev/hwrng")) {
             virReportError(VIR_ERR_XML_ERROR,
                            _("file '%s' is not a supported random source"),
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args
new file mode 100644
index 0000000000..a5f04fd9a8
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.args
@@ -0,0 +1,6 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu \
+-S -M pc -m 214 -smp 1 -nographic -nodefaults \
+-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \
+-object rng-random,id=rng0 \
+-device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x4
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml
new file mode 100644
index 0000000000..0852deaa0e
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-default.xml
@@ -0,0 +1,23 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <controller type='usb' index='0'/>
+    <memballoon model='virtio'/>
+    <rng model='virtio'>
+      <backend model='random'/>
+    </rng>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index b6b5489a69..2354733fe8 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -882,6 +882,8 @@ mymain(void)
             QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIDEO_PRIMARY,
             QEMU_CAPS_DEVICE_QXL, QEMU_CAPS_DEVICE_QXL_VGA);
 
+    DO_TEST("virtio-rng-default", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
+            QEMU_CAPS_OBJECT_RNG_RANDOM);
     DO_TEST("virtio-rng-random", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
             QEMU_CAPS_OBJECT_RNG_RANDOM);
     DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
-- 
2.39.5