[Libvir] [PATCH] properly check buffer size in virDomainXMLDevID
Richard W.M. Jones
rjones at redhat.com
Wed Sep 12 15:37:16 UTC 2007
Hugh Brock wrote:
> Richard W.M. Jones wrote:
>> Hugh Brock wrote:
>>> As promised, a patch to protect the 80-character "device id" buffer
>>> from overflow by the unbounded "device=" XML attribute. Before, a
>>> large "device" attribute gave a stack overflow error; now it merely
>>> results in an obscure (but non-fatal) xend error like so:
>>>
>>>
>>> libvir: Xen Daemon error : POST operation failed: (xend.err "invalid
>>> literal for int() with base 10:
>>> 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")
>>>
>>>
>>> (the long string of "x"es was my way of overflowing the buffer).
>>>
>>> Please ACK...
>>
>> +1
>>
>> Rich.
>>
>
> If someone could commit this please I would greatly appreciate it...
>
> thanks,
> --Hugh
Done.
Rich.
--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in
England and Wales under Company Registration No. 03798903
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20070912/356133b9/attachment-0001.bin>
More information about the libvir-list
mailing list