2010/9/1 Eric Blake <eblake@xxxxxxxxxx>:
> * src/conf/network_conf.c (virNetworkAllocateBridge): Avoid
> limited buffer from snprintf.
> ---
>
> Why print to a fixed-width buffer to then just strdup it later,
> when we can print to a malloc'd buffer in the first place. Besides,
> I couldn't easily guarantee if the buffer was large enough or if
> it would contain arbitrary user input.
>
> src/conf/network_conf.c | 15 ++++++---------
> 1 files changed, 6 insertions(+), 9 deletions(-)
>
> diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
> index 347fc0b..4c0248c 100644
> --- a/src/conf/network_conf.c
> +++ b/src/conf/network_conf.c
> @@ -891,17 +891,14 @@ char *virNetworkAllocateBridge(const virNetworkObjListPtr nets,
> template = "virbr%d";
>
> do {
> - char try[50];
> -
> - snprintf(try, sizeof(try), template, id);
> -
> - if (!virNetworkBridgeInUse(nets, try, NULL)) {
> - if (!(newname = strdup(try))) {
> - virReportOOMError();
> - return NULL;
> - }
> + if (virAsprintf(&newname, template, id) < 0) {
> + virReportOOMError();
> + return NULL;
> + }
> + if (!virNetworkBridgeInUse(nets, newname, NULL)) {
> return newname;
> }
> + VIR_FREE(newname);
>
> id++;
> } while (id <= MAX_BRIDGE_ID);
> --
> 1.7.2.2
>
ACK.
Matthias
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list