[Libguestfs] ATTN: Denial of service attack possible on libguestfs 1.21.x, libguestfs.1.22.0

Richard W.M. Jones rjones at redhat.com
Sat Jun 1 13:11:17 UTC 2013


On Fri, May 31, 2013 at 08:39:08AM +0100, Richard W.M. Jones wrote:
> +  if (lines[0] != NULL)
> +    goto out;
> +
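
Review bot: The guard `if (lines[0] != NULL) goto out;` looks inverted. As written it jumps to `out` exactly when a first line is present, so the code after it is reached only when `lines[0]` is NULL. If the intent is to bail out on an empty list, the test should be `if (lines[0] == NULL) goto out;`. A short comment naming the case the early exit covers, and a regression test with empty input, would help keep the condition from flipping again.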

This actually managed to introduce (another) bug because the
test is the wrong way around :-(

Fixed upstream.

On the up side, I've started to perform fuzz testing of the inspection
code, and it was in fact this fuzz testing which found this new bug,
and would have found the old bug as well.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/



