[libvirt] [PATCH] phyp: Fixing possible buffer overflow
Eric Blake
eblake at redhat.com
Thu Aug 5 20:34:36 UTC 2010
On 07/15/2010 08:01 PM, Laine Stump wrote:
> Here's a stab at doing it this way. I haven't even compiled it, but
> you can give it a try and see if it solves your problem.
I _have_ compiled it, and double-checked it for any obvious logic flaws.
There's a subtle change in semantics:
> + /* I need to parse the textual return in order to get the ids */
> + line = ret;
> + got = 0;
> + while (*line && got < nids) {
> + if (virStrToLong_i(line, &next_line, 10, &ids[got]) == -1) {
> + VIR_ERROR(_("Cannot parse number from '%s'"), line);
> + got = -1;
> + goto err;
> }
> + got++;
> + line = next_line;
> + while (*line == '\n')
> + line++; /* skip \n */
> }
>
> - VIR_FREE(cmd);
> - VIR_FREE(ret);
> - return got;
> -
> err:
> VIR_FREE(cmd);
> VIR_FREE(ret);
> - return -1;
> + return got;
> }
Before, this always returned -1 on failure. But now, if you parse one
line before failing to parse the second, it returns 1. I think the err:
label should continue to return -1 on failure.
ACK with that change.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100805/8c809173/attachment-0001.sig>
More information about the libvir-list
mailing list