[PATCH 12/12] Prohibit unbounded arrays in XDR protocols

From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

The use of <> is a security issue for RPC parameters, since a
malicious client can set a huge array length causing arbitrary
memory allocation in the daemon.

It is also a robustness issue for RPC return values, because if
the stream is corrupted, it can cause the client to also allocate
arbitrary memory.

Use a syntax-check rule to prohibit any use of <>

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 cfg.mk | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cfg.mk b/cfg.mk
index 23564f1..9a9616c 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -836,6 +836,12 @@ sc_prohibit_config_h_in_headers:
 	halt='headers should not include <config.h>'			\
 	  $(_sc_search_regexp)
 
+sc_prohibit_unbounded_arrays_in_rpc:
+	@prohibit='<>'							\
+	in_vc_files='\.x$$'						\
+	halt='Arrays in XDR must have a upper limit set for <NNN>'	\
+	  $(_sc_search_regexp)
+
 
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
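
Review bot: the pattern in prohibit='<>' only matches the two brackets written back to back, so an unbounded declaration spelled with whitespace between them ("< >", which XDR tokenizes the same way) would pass this check. Consider a pattern that tolerates whitespace, such as '<[[:space:]]*>', assuming prohibit is treated as a regular expression as the $(_sc_search_regexp) name suggests. The rule also matches anywhere on a line in any \.x file, so a '<>' inside a comment will halt the check too; a one-line comment above sc_prohibit_unbounded_arrays_in_rpc saying why the rule exists and that it applies to string<> and opaque<> as well as arrays would help whoever trips it. In the halt text, "a upper limit" should be "an upper limit", and "set for <NNN>" reads oddly; something like 'Arrays in XDR must have an upper limit set, e.g. <NNN>' is clearer. The added trailing blank line leaves two blank lines before the "# We don't use this feature" comment.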
-- 
1.8.3.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



