* src/conf/network_conf.c (virNetworkAllocateBridge): Avoid
limited buffer from snprintf.
---
Why print to a fixed-width buffer to then just strdup it later,
when we can print to a malloc'd buffer in the first place. Besides,
I couldn't easily guarantee if the buffer was large enough or if
it would contain arbitrary user input.
src/conf/network_conf.c | 15 ++++++---------
1 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 347fc0b..4c0248c 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -891,17 +891,14 @@ char *virNetworkAllocateBridge(const virNetworkObjListPtr nets,
template = "virbr%d";
do {
- char try[50];
-
- snprintf(try, sizeof(try), template, id);
-
- if (!virNetworkBridgeInUse(nets, try, NULL)) {
- if (!(newname = strdup(try))) {
- virReportOOMError();
- return NULL;
- }
+ if (virAsprintf(&newname, template, id) < 0) {
+ virReportOOMError();
+ return NULL;
+ }
+ if (!virNetworkBridgeInUse(nets, newname, NULL)) {
return newname;
}
+ VIR_FREE(newname);
id++;
} while (id <= MAX_BRIDGE_ID);
--
1.7.2.2
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list