[PATCH] uml: fix logic bug in checking reply length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* src/uml/uml_driver.c (umlMonitorCommand): Validate that enough
bytes were read to dereference both res.length, and that many
bytes from res.data.
Reported by Soren Hansen.
---

> Yup, this looks good.

I'll wait for a third-party ack before pushing this.

Meanwhile, I discovered a bug in Solaris' implementation of
offsetof.  POSIX requires that offsetof be an integer
constant expression, which means that:

sizeof offsetof(a,b)

should compile.  But Solaris (and probably other buggy systems)
used too few parens in their macro, and you have to use:

sizeof(offsetof(a,b))

instead.  Interesting trivia, but at least it doesn't affect
any of libvirt's existing uses of offsetof.

 src/uml/uml_driver.c |    7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c
index 04493ba..37ddc39 100644
--- a/src/uml/uml_driver.c
+++ b/src/uml/uml_driver.c
@@ -737,14 +737,11 @@ static int umlMonitorCommand(const struct uml_driver *driver,
             virReportSystemError(errno, _("cannot read reply %s"), cmd);
             goto error;
         }
-        if (nbytes < sizeof res) {
+        if (nbytes < offsetof(struct monitor_request, data) ||
+            nbytes < res.length + offsetof(struct monitor_request, data)) {
             virReportSystemError(0, _("incomplete reply %s"), cmd);
             goto error;
         }
-        if (sizeof res.data < res.length) {
-            virReportSystemError(0, _("invalid length in reply %s"), cmd);
-            goto error;
-        }

         if (VIR_REALLOC_N(retdata, retlen + res.length) < 0) {
             virReportOOMError();
-- 
1.7.2.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]