ovsdb-server: Fix null pointer deref when bool "is_connected" is empty.

The ovsdb-server supports obtaining its remote connection targets from a
database table and updating that table with connection status information.
One of the supported connection status columns is a boolean column named
"is_connected".  The code in ovsdb-server blindly assigned a bool into
this column without checking that it actually had space allocated for one.
This was and is fine with the ovs-vswitchd schema, which always has exactly
one value in this column.  However, if a database schema makes this column
optional, and there are actually no values in it, then this assignment
dereferences a null pointer.

This commit fixes the problem by allocating space for a bool if none has
yet been allocated.

Noticed while adding an extra test for the connection status feature.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

diff --git a/ovsdb/ovsdb-server.c b/ovsdb/ovsdb-server.c
index 1bf10d9b477d29cff8d117e91903e59b32cf234d..32e2eb02f8a8ea9a608923d93fbc56ecf935276d 100644 (file)
--- a/ovsdb/ovsdb-server.c
+++ b/ovsdb/ovsdb-server.c
@@ -404,12 +404,24 @@ read_string_column(const struct ovsdb_row *row, const char *column_name,
 static void
 write_bool_column(struct ovsdb_row *row, const char *column_name, bool value)
 {
-    struct ovsdb_datum *datum = get_datum(row, column_name, OVSDB_TYPE_BOOLEAN,
-                                          OVSDB_TYPE_VOID, 1);
+    const struct ovsdb_column *column;
+    struct ovsdb_datum *datum;
 
+    column = ovsdb_table_schema_get_column(row->table->schema, column_name);
+    datum = get_datum(row, column_name, OVSDB_TYPE_BOOLEAN,
+                      OVSDB_TYPE_VOID, 1);
     if (!datum) {
         return;
     }
+
+    if (datum->n != 1) {
+        ovsdb_datum_destroy(datum, &column->type);
+
+        datum->n = 1;
+        datum->keys = xmalloc(sizeof *datum->keys);
+        datum->values = NULL;
+    }
+
     datum->keys[0].boolean = value;
 }