On 08/19/2013 05:16 AM, Daniel P. Berrange wrote:
>>>> + remote_domain_ip_addr ip_addrs<>;
>>> Use of <> *NOT* allowed - this is a security flaw allowing the client
>>> to trigger DOS on libvirtd allocating memory. Follow the examples of
>>> other APIs which set an explicit limit.
>>
>> In that case, we have a bug on APIs like listAllDomains too, as they use
>> variable-length array too.
>
> Sigh. In future please don't report security problems like that on this
> mailing list. We have a dedicated security list for responsible disclosure
> of issues in libvirt released code.

I don't see this as a security decision. Our choice to use <> in
listAllDomains was conscious, and discussed on this list - we are saved
by the fact that the overall RPC code is still bounded in size, and that
limiting the length of the list did not buy us any more security than
what we got by cramming in the maximum number of possible results into
the overall size of the RPC call.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
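
Review bot: `ip_addrs<>` on the quoted added line declares the array with no maximum, so the protocol definition itself places no cap on the element count a peer can claim for this field. Declare a named limit constant for it and write the field as `ip_addrs<LIMIT>` (LIMIT is a placeholder name here), following the other APIs that set an explicit limit, and document why that value was chosen next to the constant.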
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
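
The two bounds argued over in this thread, as an added C example (not libvirt code and not part of the original message): a per-array limit as in `ip_addrs<N>` versus the limit implied by capping the whole RPC message. The constants, the function names and the assumption that the decoder checks the claimed count against the bytes actually received are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed limits for illustration; not values from libvirt. */
#define MSG_MAX       (4u * 1024u * 1024u) /* cap on one whole RPC message */
#define IP_ADDRS_MAX  2048u                /* as in a bounded ip_addrs<IP_ADDRS_MAX> */
#define ELEM_WIRE_MIN 8u                   /* assumed smallest encoded element */

/* XDR sends a variable-length array as a 4-byte big-endian count, then elements. */
static uint32_t xdr_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Return the element count the decoder may allocate for, or -1 to reject.
 * explicit_max == 0 models "<>" (no per-array limit in the .x file). */
long accept_array_count(const unsigned char *body, size_t len, uint32_t explicit_max)
{
    if (len < 4 || len > MSG_MAX)
        return -1;                       /* whole-message bound */
    uint32_t count = xdr_u32(body);
    if (explicit_max != 0 && count > explicit_max)
        return -1;                       /* per-array bound */
    if (count > (len - 4) / ELEM_WIRE_MIN)
        return -1;                       /* count claims more than was sent */
    return (long)count;
}

/* Largest count that can pass with "<>": set by the message cap alone. */
uint32_t implicit_max(void)
{
    return (MSG_MAX - 4u) / ELEM_WIRE_MIN;
}

int main(void)
{
    unsigned char lie[4] = { 0xff, 0xff, 0xff, 0xff };   /* count only, no data */
    unsigned char ok[4 + 3 * ELEM_WIRE_MIN] = { 0, 0, 0, 3 };
    printf("lying count, <>      : %ld\n", accept_array_count(lie, sizeof lie, 0));
    printf("3 elements, <>       : %ld\n", accept_array_count(ok, sizeof ok, 0));
    printf("3 elements, max 2    : %ld\n", accept_array_count(ok, sizeof ok, 2));
    printf("implicit vs explicit : %u vs %u\n", (unsigned)implicit_max(), IP_ADDRS_MAX);
    return 0;
}
```

With these constructed numbers the message cap alone still admits 524287 elements, against 2048 with the explicit bound.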