[Libguestfs] [PATCH V3] virt-diff: add new virt-diff tool
Richard W.M. Jones
rjones at redhat.com
Wed Sep 19 10:28:01 UTC 2012
On Wed, Sep 19, 2012 at 05:43:10PM +0800, Wanlong Gao wrote:
> On 08/21/2012 04:25 PM, Richard W.M. Jones wrote:
> > Another thing: Don't use sprintf, ever. With the wrong $TMPDIR that
> > code above is a security hole. Since you need to quote 'dir' (since
> > it comes from user input) you're going to have to rewrite the whole
> > call to system(3) so that it uses fork + exec instead.
>
> Can you explain more? Sorry I can't understand where is the security
> hole.
sprintf doesn't check the size of the output buffer. The output
buffer always needs to be sized big enough for all inputs, else you'll
have a buffer overflow. The simple way to avoid this is to use
asprintf which allocates the output buffer of the correct size for
you.
> And if I use fork + exec, how can I make "stempdir" and "dir"
> together to an "argv[]" for the argument of exec?
Have a look at:
https://github.com/libguestfs/libguestfs/blob/f9f0767e20847734db3747c06b4ff11729a62a07/src/launch.c#L527
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
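
The two points from the reply above, as an added example that is not part of the original message or of libguestfs: the path is built with asprintf instead of sprintf into a fixed buffer, and the command is run with fork + exec so the user-supplied 'dir' is a single argv element that no shell ever parses. The command (mkdir) and the function names run_argv and make_subdir are assumptions chosen for illustration; the thread does not show the original system(3) call.

```c
#define _GNU_SOURCE            /* asprintf is a GNU/BSD extension */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

int asprintf(char **strp, const char *fmt, ...); /* harmless if already declared */

/* Run argv[0] with the given arguments; no shell is involved.
 * Returns the child's exit status, or -1 on fork/wait failure or signal. */
static int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);            /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Create <tmpdir>/<dir> using mkdir(1) (hypothetical stand-in command).
 * 'dir' is untrusted: spaces, quotes and ';' stay literal because the
 * whole path is one argv element. */
int make_subdir(const char *tmpdir, const char *dir)
{
    char *path;
    /* asprintf allocates a buffer of the right size, however long
     * $TMPDIR or 'dir' turn out to be. */
    if (asprintf(&path, "%s/%s", tmpdir, dir) == -1)
        return -1;
    char *argv[] = { "mkdir", "--", path, NULL };   /* "--" ends options */
    int r = run_argv(argv);
    free(path);
    return r;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s TMPDIR DIR\n", argv[0]);
        return 2;
    }
    return make_subdir(argv[1], argv[2]);
}
```

This only removes shell interpretation and the fixed-size buffer; a 'dir' containing "/" or ".." still selects a different path and needs its own check.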