
Re: [Libguestfs] ATTN: Denial of service attack possible on libguestfs 1.21.x, libguestfs.1.22.0



On Fri, May 31, 2013 at 08:39:08AM +0100, Richard W.M. Jones wrote:
> +  if (lines[0] != NULL)
> +    goto out;
> +
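
Review bot: the guard `if (lines[0] != NULL)` takes the `goto out` path whenever a first entry is present, so the code after it can only run on an empty list. If the intent is to bail out on empty input before `lines[0]` is used, the condition should be `lines[0] == NULL`. The quoted lines also do not show whether `lines` itself is checked for NULL before it is indexed, which is worth confirming in the surrounding code.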

This actually managed to introduce (another) bug because the
test is the wrong way around :-(

Fixed upstream.

On the up side, I've started to perform fuzz testing of the inspection
code, and it was in fact this fuzz testing which found this new bug,
and would have found the old bug as well.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/

