Daniel P. Berrange wrote: > On Fri, Jul 31, 2009 at 03:19:53PM +0200, Chris Lalancette wrote: >> Fix up qemudDomainMigratePrepare2 to use virGetHostname instead of >> gethostname. Besides the fact that virGetHostname is far more clever, >> there was a latent bug in the handling that could cause a buffer overflow >> on a very long hostname. >> >> Signed-off-by: Chris Lalancette <clalance@xxxxxxxxxx> >> --- >> src/qemu_driver.c | 9 ++++++--- >> 1 files changed, 6 insertions(+), 3 deletions(-) >> >> diff --git a/src/qemu_driver.c b/src/qemu_driver.c >> index cee2164..83cbcf3 100644 >> --- a/src/qemu_driver.c >> +++ b/src/qemu_driver.c >> @@ -6270,11 +6270,12 @@ qemudDomainMigratePrepare2 (virConnectPtr dconn, >> virDomainDefPtr def = NULL; >> virDomainObjPtr vm = NULL; >> int this_port; >> - char hostname [HOST_NAME_MAX+1]; >> + char *hostname; >> char migrateFrom [64]; >> const char *p; >> virDomainEventPtr event = NULL; >> int ret = -1;; >> + int internalret; >> >> *uri_out = NULL; >> >> @@ -6300,14 +6301,16 @@ qemudDomainMigratePrepare2 (virConnectPtr dconn, >> if (port == QEMUD_MIGRATION_NUM_PORTS) port = 0; >> >> /* Get hostname */ >> - if (gethostname (hostname, HOST_NAME_MAX+1) == -1) { >> + if ((hostname = virGetHostname()) == NULL) { >> virReportSystemError (dconn, errno, >> "%s", _("failed to determine host name")); >> goto cleanup; >> } >> >> /* Caller frees */ >> - if (virAsprintf(uri_out, "tcp:%s:%d", hostname, this_port) < 0) { >> + internalret = virAsprintf(uri_out, "tcp:%s:%d", hostname, this_port); >> + VIR_FREE(hostname); >> + if (internalret < 0) { >> virReportOOMError (dconn); >> goto cleanup; >> } > > ACK Committed. -- Chris Lalancette -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list