Re: [libvirt] [PATCHv2 2/5] domifaddr: Implement the remote protocol



On 08/19/2013 05:16 AM, Daniel P. Berrange wrote:

>>>> +    remote_domain_ip_addr ip_addrs<>;
>>> Use of <> *NOT* allowed - this is a security flaw allowing the client
>>> to trigger DOS on libvirtd allocating memory. Follow the examples of
>>> other APIs which set an explicit limit.
>>
>> In that case, we have a bug in APIs like listAllDomains too, as they use
>> variable-length arrays too.
> 
> Sigh. In future please don't report security problems like that on this
> mailing list. We have a dedicated security list for responsible disclosure
> of issues in libvirt released code.

I don't see this as a security decision.  Our choice to use <> in
listAllDomains was conscious, and discussed on this list - we are saved
by the fact that the overall RPC code is still bounded in size, and that
limiting the length of the list did not buy us any more security than
what we got by cramming in the maximum number of possible results into
the overall size of the RPC call.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
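
The two bounds discussed in this thread (an explicit per-array limit and the cap on the overall RPC message), shown as an added C example that is not libvirt code and not part of the original message. The function name, the constants and their values are hypothetical; each element is assumed to be one 32-bit word on the wire.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical limits for illustration; not libvirt's real constants. */
#define MSG_MAX        4096u  /* cap on the whole RPC message */
#define IP_ADDRS_MAX   16u    /* explicit array cap, as in ip_addrs<16> */
#define ELEM_WIRE_SIZE 4u     /* one 32-bit word per element in this sketch */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode an XDR-style array: 4-byte big-endian count, then `count` 4-byte
 * elements. Returns the element count and sets *out (malloc'd), or returns
 * -1 on rejection. max_elems == 0 models an unbounded `<>` declaration. */
int decode_u32_array(const unsigned char *msg, size_t len,
                     uint32_t max_elems, uint32_t **out)
{
    *out = NULL;
    if (len > MSG_MAX || len < 4)
        return -1;                       /* overall message bound */
    uint32_t count = be32(msg);
    if (max_elems != 0 && count > max_elems)
        return -1;                       /* explicit array bound */
    /* The count comes from the peer: never allocate more elements than
     * the bytes actually present in the message could encode. */
    if (count > (len - 4) / ELEM_WIRE_SIZE)
        return -1;
    if (count == 0)
        return 0;
    uint32_t *v = malloc((size_t)count * sizeof(*v));
    if (!v)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        v[i] = be32(msg + 4 + (size_t)i * ELEM_WIRE_SIZE);
    *out = v;
    return (int)count;
}

int main(void)
{
    /* Constructed input: count 0xffffffff with no elements behind it. */
    unsigned char huge[4] = {0xff, 0xff, 0xff, 0xff};
    uint32_t *v;
    printf("%d\n", decode_u32_array(huge, sizeof huge, 0, &v));
    return 0;
}
```

With `max_elems` set to 0 the array can still hold at most `(MSG_MAX - 4) / ELEM_WIRE_SIZE` elements, so the message cap is the only limit on allocation in the unbounded case.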
