Re: [libvirt] Power Hypervisor: Fix potential segfault and memleak in phypOpen

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Matthias Bolte wrote:
> 2009/8/20 Chris Lalancette <clalance@xxxxxxxxxx>:
>> Matthias Bolte wrote:
>>> Hi,
>>>
>>> I came across this line in the phypOpen function:
>>>
>>> char string[strlen(conn->uri->path)];
>>>
>>> Here the path part of the given URI is used without checking it for
>>> NULL, this can cause a segfault as strlen expects a string != NULL.
>>> Beside that uuid_db and connection_data leak in case of an error.
>>>
>>> In this line
>>>
>>> conn->uri->path = string;
>>>
>>> the original path of the URI leaks. The patch adds a VIR_FREE call
>>> before setting the new path.
>>>
>>> The attached patch is compile-tested but I don't have a Power
>>> Hypervisor installation at hand to test it for real.
>> I've now committed this patch (with some slight munging to get it to apply to
>> recent libvirt.git).
>>
>> Thanks,
>> --
>> Chris Lalancette
>>
> 
> Well, you should have applied version 2 of this patch, because version
> 1 was invalidated by changes to escape_specialcharacters(). It now
> takes a length argument, but string isn't an array anymore (but a char
> pointer), so sizeof(string) does no longer the right thing:
> 
> escape_specialcharacters(conn->uri->path, string, sizeof(string))
> 
> I attached patch version 2 again.

Gah, sorry, I totally missed (or forgot about) that.  I'll apply the incremental
diff, thanks.

-- 
Chris Lalancette

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]