[Libvir] [PATCH] properly check buffer size in virDomainXMLDevID
Richard W.M. Jones
rjones at redhat.com
Tue Sep 11 13:46:22 UTC 2007
Hugh Brock wrote:
> As promised, a patch to protect the 80-character "device id" buffer from
> overflow by the unbounded "device=" XML attribute. Before, a large
> "device" attribute gave a stack overflow error; now it merely results in
> an obscure (but non-fatal) xend error like so:
>
>
> libvir: Xen Daemon error : POST operation failed: (xend.err "invalid
> literal for int() with base 10:
> 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")
>
>
> (the long string of "x"es was my way of overflowing the buffer).
>
> Please ACK...
+1
Rich.
--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in
England and Wales under Company Registration No. 03798903
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20070911/a010873f/attachment-0001.bin>
More information about the libvir-list
mailing list