[Libguestfs] ATTN: Denial of service attack possible on libguestfs 1.21.x, libguestfs.1.22.0
Richard W.M. Jones
rjones at redhat.com
Fri May 31 07:35:28 UTC 2013
On Fri, May 31, 2013 at 01:03:24AM +0200, Olaf Hering wrote:
> #2 0x00007ffff7b7936c in guestfs___safe_strdup (g=0x65da50, str=0x0) at alloc.c:96
> #3 0x00007ffff7b8b65e in parse_suse_release (filename=<optimized out>, fs=<optimized out>, g=<optimized out>) at inspect-fs-unix.c:343
This is a different problem:
lines = guestfs_head_n (g, 10, filename);
if (lines == NULL)
return -1;
/* First line is dist release name */
fs->product_name = safe_strdup (g, lines[0]); <<<---
if (fs->product_name == NULL)
goto out;
The code doesn't check that lines[0] != NULL.
I don't see a problem in parse_lsb_release however. Do you have a
stack trace from that?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
More information about the Libguestfs
mailing list