[Libguestfs] [PATCH nbdkit 0/2] Be careful not to leak heap memory to the client.
Richard W.M. Jones
rjones at redhat.com
Tue Apr 23 09:01:55 UTC 2019
This bug was found by Eric Blake.
In the .pread method we allocate a buffer in the server and pass it to
the plugin. The plugin is supposed to fill it with data. The buffer
was uninitialized so initially contained random heap data, but that's
OK provided the plugin fully overwrote it with data. All correctly
written plugins ought to do this, however there is the possibility of
an incorrectly written plugin not doing so. In that case heap memory
would be leaked to the client.
The fix for this is to zero the buffer before passing it to the
plugin, so even if the plugin doesn't fill it properly no heap memory
is leaked.
I checked our existing plugins and they are all safe, except for the
OCaml plugin. The OCaml plugin had the same kind of mistake and
needed a separate fix. Again, correctly written OCaml plugins should
be fine, but incorrect ones could leak heap memory.
Since nbdkit supports a stable API and ABI, plugins can be distributed
outside nbdkit and we have no control over whether those plugins are
doing the right thing.
Rich.
More information about the Libguestfs
mailing list