[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] don't let a bogus packet trigger over-allocation and segfault



According to Jim Meyering on 3/3/2010 9:26 AM:
>>> Another not-really-urgent fix:

Not sure whether this is 0.7.7 material to plug the crash, or whether it
can wait.  Either way,...

> Subject: [PATCH] xen: don't let bogus packets trigger over-allocation and segfault
> 
>      if (ans.data.arg == -1)
>          return NULL;
> -    if (ans.len <= sizeof(virProxyPacket)) {
> +    if (ans.len <= sizeof(virProxyPacket)
> +        || ans.len > sizeof (ans) - sizeof(virProxyPacket)) {
>          virProxyError(conn, VIR_ERR_OPERATION_FAILED, __FUNCTION__);
>          return NULL;
>      }
> 
>      xmllen = ans.len - sizeof (virProxyPacket);
>      if (VIR_ALLOC_N(xml, xmllen+1) < 0) {
>          virReportOOMError();
>          return NULL;
>      }
> -    memmove (xml, ans.extra.str, xmllen);
> +    memcpy (xml, ans.extra.str, xmllen);

ACK to all three portions of the squashed patch.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]