According to Jim Meyering on 3/3/2010 3:38 AM: > Subject: [PATCH] qemu restore: don't let corrupt input provoke unwarranted OOM > > * src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file > (in particular, a too-large header.xml_len value) would cause an > unwarranted out-of-memory error. Do not trust the just-read > header.xml_len. Instead, merely use that as a hint, and > read/allocate up to that number of bytes from the file. ACK. The damage of a malicious header is limited to a DoS, and not arbitrary execution, so I agree that this is not a show-stopper for 0.7.7, but it is definitely a bug fix. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list