On 6. 3. 2020 14:28, Daniel P. Berrangé wrote: > In the following recent change: > > commit db72866310d1e520efa8ed2d4589bdb5e76a1c95 > Author: Daniel P. Berrangé <berrange@xxxxxxxxxx> > Date: Tue Jan 14 10:40:52 2020 +0000 > > util: add API for reading password from the console > > the fact that "bufptr" pointer may point to either heap or stack > allocated data was overlooked. As a result, when the strdup was > removed, we ended up returning a pointer to the local stack to > the caller. When the caller referenced this stack pointer they > got out garbage which fairly quickly resulted in a crash. > > We need to copy the stack buffer into heap memory in the username > case. > > Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> > --- > > Changed in v2: > > - Keep use of fgets for mingw portability, but strdup the > static buffer > > src/libvirt.c | 5 ++-- > tests/Makefile.am | 2 ++ > tests/virsh-auth | 57 ++++++++++++++++++++++++++++++++++++++++++++ > tests/virsh-auth.xml | 5 ++++ > 4 files changed, 67 insertions(+), 2 deletions(-) > create mode 100755 tests/virsh-auth > create mode 100644 tests/virsh-auth.xml Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> Michal
