Re: [libvirt] [PATCH] libvirt.c: don't let a NULL "cpumaps" argument provoke a NULL-deref

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Dec 14, 2009 at 05:18:54PM +0100, Jim Meyering wrote:
> 
> 
> >From 94923b161a9d066146271bb533b78ab7877e4501 Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering@xxxxxxxxxx>
> Date: Mon, 14 Dec 2009 17:17:53 +0100
> Subject: [PATCH] libvirt.c: don't let a NULL "cpumaps" argument provoke a NULL-deref
> 
> * src/libvirt.c (virDomainGetVcpus): Update spec to say that maplen
> is ignored when "cpumaps" is NULL.
> Set maplen to 0 in that case.
> ---
>  src/libvirt.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/src/libvirt.c b/src/libvirt.c
> index 008e322..4325aa4 100644
> --- a/src/libvirt.c
> +++ b/src/libvirt.c
> @@ -4753,6 +4753,7 @@ error:
>   *      virDomainPinVcpu() API.
>   * @maplen: number of bytes in one cpumap, from 1 up to size of CPU map in
>   *	underlying virtualization system (Xen...).
> + *	Ignored when cpumaps is NULL.
>   *
>   * Extract information about virtual CPUs of domain, store it in info array
>   * and also in cpumaps if this pointer isn't NULL.
> @@ -4776,6 +4777,12 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
>          virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
>          goto error;
>      }
> +
> +    /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
> +       try to memcpy anything into a NULL pointer.  */
> +    if (cpumaps == NULL)
> +        maplen = 0;
> +
>      if (cpumaps != NULL && maplen < 1) {
>          virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
>          goto error;
> --

I wonder if it might be better to return an error in that case. Passing
a NULL cpumaps, and non-zero maplen seems like a real application bug
we should complain about

  if (cpumaps == NULL && maplen != 0)
    ....error...


Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]