[Libvir] [PATCH] properly check buffer size in virDomainXMLDevID
Hugh Brock
hbrock at redhat.com
Wed Sep 12 13:39:53 UTC 2007
Richard W.M. Jones wrote:
> Hugh Brock wrote:
>> As promised, a patch to protect the 80-character "device id" buffer
>> from overflow by the unbounded "device=" XML attribute. Before, a
>> large "device" attribute gave a stack overflow error; now it merely
>> results in an obscure (but non-fatal) xend error like so:
>>
>>
>> libvir: Xen Daemon error : POST operation failed: (xend.err "invalid
>> literal for int() with base 10:
>> 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")
>>
>>
>> (the long string of "x"es was my way of overflowing the buffer).
>>
>> Please ACK...
>
> +1
>
> Rich.
>
If someone could commit this please I would greatly appreciate it...
thanks,
--Hugh
--
Red Hat Virtualization Group http://redhat.com/virtualization
Hugh Brock | virt-manager http://virt-manager.org
hbrock at redhat.com | virtualization library http://libvirt.org
More information about the libvir-list
mailing list