[Libvir] [PATCH] properly check buffer size in virDomainXMLDevID

Hugh Brock hbrock at redhat.com
Tue Sep 11 13:20:38 UTC 2007


As promised, a patch to protect the 80-character "device id" buffer from 
overflow by the unbounded "device=" XML attribute. Before, a large 
"device" attribute gave a stack overflow error; now it merely results in 
an obscure (but non-fatal) xend error like so:


libvir: Xen Daemon error : POST operation failed: (xend.err "invalid 
literal for int() with base 10: 
'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")

(the long string of "x"es was my way of overflowing the buffer).

Please ACK...

--Hugh

-- 
Red Hat Virtualization Group http://redhat.com/virtualization
Hugh Brock           | virt-manager http://virt-manager.org
hbrock at redhat.com    | virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libvirt-check-device-id-input.patch
Type: text/x-patch
Size: 2771 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20070911/35459788/attachment-0001.bin>
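
An added example, not the scrubbed patch and not libvirt code: one way to guard an 80-byte device id buffer against an oversized "device" attribute is to reject the value outright instead of copying or truncating it. The names copy_device_attr, try_device_of_length and DEVID_BUF_LEN are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define DEVID_BUF_LEN 80   /* the 80-character buffer size named in the post */

/*
 * Copy an untrusted attribute value into a fixed-size buffer.
 * Returns 0 on success, -1 if the value is missing, empty, or does not fit
 * together with its terminating NUL. On failure dst is left as an empty
 * string; the value is never truncated, so a caller cannot act on a partial id.
 */
static int copy_device_attr(const char *attr, char *dst, size_t dst_len)
{
    size_t n;

    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (attr == NULL || attr[0] == '\0')
        return -1;
    n = strlen(attr);
    if (n >= dst_len)              /* no room left for the NUL */
        return -1;
    memcpy(dst, attr, n + 1);      /* length already checked against dst_len */
    return 0;
}

/* Constructed input: a "device" value made of n 'x' characters. */
static int try_device_of_length(size_t n)
{
    char attr[512];
    char ref[DEVID_BUF_LEN];

    if (n >= sizeof(attr))
        return -1;
    memset(attr, 'x', n);
    attr[n] = '\0';
    if (copy_device_attr(attr, ref, sizeof(ref)) != 0)
        return -1;
    return strlen(ref) == n ? 0 : -1;
}

int main(void)
{
    printf("79 chars:  %d\n", try_device_of_length(79));
    printf("80 chars:  %d\n", try_device_of_length(80));
    printf("200 chars: %d\n", try_device_of_length(200));
    return 0;
}
```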

