[libvirt] [PATCHv2 2/5] domifaddr: Implement the remote protocol

Eric Blake eblake at redhat.com
Mon Aug 19 13:26:01 UTC 2013


On 08/19/2013 05:16 AM, Daniel P. Berrange wrote:

>>>> +    remote_domain_ip_addr ip_addrs<>;
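
Review bot: `ip_addrs<>` on the added line declares the array with no maximum, so the only limit on how many elements a peer can announce is whatever the overall RPC message size allows. Put a named limit constant inside the angle brackets, as the reply below asks, and document the chosen cap beside its definition so the bound is explicit at this field.
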
>>> Use of <> *NOT* allowed - this is a security flaw allowing the client
>>> to trigger DOS on libvirtd allocating memory. Follow the examples of
>>> other APIs which set an explicit limit.
>>
>> In that case, we have a bug in APIs like listAllDomains too, as they use
>> a variable-length array too.
> 
> Sigh. In future please don't report security problems like that on this
> mailing list. We have a dedicated security list for responsible disclosure
> of issues in libvirt released code.

I don't see this as a security decision.  Our choice to use <> in
listAllDomains was conscious, and discussed on this list - we are saved
by the fact that the overall RPC code is still bounded in size, and that
limiting the length of the list did not buy us any more security than
what we got by cramming in the maximum number of possible results into
the overall size of the RPC call.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
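
The two bounds discussed in this message, a per-field maximum and the cap on the whole RPC message, as an added C sketch that is not libvirt code and not part of the original post. `MSG_MAX`, `WIRE_ELEM_MIN`, the limit 2048, the 32-byte in-memory element size and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical values for this sketch; none are taken from libvirt. */
#define MSG_MAX       (4u * 1024u * 1024u) /* cap on one whole RPC message */
#define WIRE_ELEM_MIN 4u                   /* smallest encoding of one element */
enum { ARR_OK = 0, ARR_TRUNCATED = -1, ARR_OVER_FIELD_MAX = -2, ARR_OVER_MSG = -3 };

/* XDR integers are 4 bytes, big-endian. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Check an array's element count before allocating anything. buf/len is the
 * rest of a message already limited to MSG_MAX; field_max 0 models "<>". */
int check_array_count(const uint8_t *buf, size_t len, uint32_t field_max, uint32_t *count)
{
    if (len < 4)
        return ARR_TRUNCATED;
    uint32_t n = be32(buf);
    if (field_max != 0 && n > field_max)
        return ARR_OVER_FIELD_MAX;
    if (n > (len - 4) / WIRE_ELEM_MIN) /* divide, so n * size cannot overflow */
        return ARR_OVER_MSG;
    *count = n;
    return ARR_OK;
}

/* Largest decoded array, in bytes, that one message can make the receiver hold. */
unsigned long long worst_case_alloc(uint32_t field_max, uint32_t mem_elem_size)
{
    unsigned long long n = (MSG_MAX - 4u) / WIRE_ELEM_MIN;
    if (field_max != 0 && field_max < n)
        n = field_max;
    return n * mem_elem_size;
}

int main(void)
{
    /* Constructed input: count 0xffffffff, then a single 4-byte element. */
    const uint8_t msg[] = { 0xff, 0xff, 0xff, 0xff, 0, 0, 0, 1 };
    uint32_t c = 0;
    printf("<>: %d  <2048>: %d  worst case: %llu vs %llu bytes\n",
           check_array_count(msg, sizeof msg, 0, &c),
           check_array_count(msg, sizeof msg, 2048, &c),
           worst_case_alloc(0, 32), worst_case_alloc(2048, 32));
    return 0;
}
```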
