[libvirt PATCH v2 15/20] commandhelper: Make number of fds variable in parseArguments

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Fixes a buffer overflow triggered when more than three "--readfd"
arguments were given on the command line.

Signed-off-by: Tim Wiederhake <twiederh@xxxxxxxxxx>
---
 tests/commandhelper.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/tests/commandhelper.c b/tests/commandhelper.c
index ac64505461..9f0b7f25ac 100644
--- a/tests/commandhelper.c
+++ b/tests/commandhelper.c
@@ -36,7 +36,7 @@ extern char **environ;
 # define VIR_FROM_THIS VIR_FROM_NONE
 
 struct Arguments {
-    int readfds[3];
+    int *readfds;
     int numreadfds;
     bool daemonize_check;
     bool close_stdin;
@@ -51,6 +51,9 @@ static struct Arguments *parseArguments(int argc, char** argv)
     if (!(args = calloc(1, sizeof(*args))))
         goto cleanup;
 
+    if (!(args->readfds = calloc(1, sizeof(*args->readfds))))
+        goto cleanup;
+
     args->numreadfds = 1;
     args->readfds[0] = STDIN_FILENO;
 
@@ -58,6 +61,12 @@ static struct Arguments *parseArguments(int argc, char** argv)
         if (STREQ(argv[i - 1], "--readfd")) {
             char c;
 
+            args->readfds = realloc(args->readfds,
+                                    (args->numreadfds + 1) *
+                                    sizeof(*args->readfds));
+            if (!args->readfds)
+                goto cleanup;
+
             if (1 != sscanf(argv[i], "%u%c",
                             &args->readfds[args->numreadfds++], &c)) {
                 printf("Could not parse fd %s\n", argv[i]);
@@ -76,7 +85,12 @@ static struct Arguments *parseArguments(int argc, char** argv)
     if (ret == 0)
         return args;
 
-    free(args);
+    if (args) {
+        if (args->readfds)
+            free(args->readfds);
+        free(args);
+    }
+
     return NULL;
 }
 
@@ -343,8 +357,11 @@ int main(int argc, char **argv) {
     ret = EXIT_SUCCESS;
 
  cleanup:
-    if (args)
+    if (args) {
+        if (args->readfds)
+            free(args->readfds);
         free(args);
+    }
     if (log)
         fclose(log);
     return ret;
-- 
2.26.2




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux