According to Jim Meyering on 3/3/2010 9:26 AM: >>> Another not-really-urgent fix: Not sure whether this is 0.7.7 material to plug the crash, or whether it can wait. Either way,... > Subject: [PATCH] xen: don't let bogus packets trigger over-allocation and segfault > > if (ans.data.arg == -1) > return NULL; > - if (ans.len <= sizeof(virProxyPacket)) { > + if (ans.len <= sizeof(virProxyPacket) > + || ans.len > sizeof (ans) - sizeof(virProxyPacket)) { > virProxyError(conn, VIR_ERR_OPERATION_FAILED, __FUNCTION__); > return NULL; > } > > xmllen = ans.len - sizeof (virProxyPacket); > if (VIR_ALLOC_N(xml, xmllen+1) < 0) { > virReportOOMError(); > return NULL; > } > - memmove (xml, ans.extra.str, xmllen); > + memcpy (xml, ans.extra.str, xmllen); ACK to all three portions of the squashed patch. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
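Review bot: In the new upper bound, `ans.len > sizeof (ans) - sizeof(virProxyPacket)`, the header size looks subtracted once more than needed. The lower-bound test and `xmllen = ans.len - sizeof (virProxyPacket)` both treat ans.len as header plus payload, so the limit that would match them is `ans.len > sizeof (ans)`. Assuming ans.extra directly follows the header inside ans, the check as written keeps the memcpy from ans.extra.str in bounds, but it also rejects replies whose payload reaches into the last sizeof(virProxyPacket) bytes of the buffer. If the tighter limit is intentional, a short comment above the condition would make that clear. As a style point, the same condition mixes `sizeof (ans)` and `sizeof(virProxyPacket)` spacing.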
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list