[libvirt] [PATCHv2 2/2] openvz: avoid potential buffer overflow
Eric Blake
eblake at redhat.com
Tue Dec 7 23:04:58 UTC 2010
On 12/07/2010 02:49 PM, Matthias Bolte wrote:
> 2010/12/7 Eric Blake <eblake at redhat.com>:
>> * src/openvz/openvz_conf.c (openvzLoadDomains): Replace unsafe
>> sscanf with safe direct parsing.
>> (openvzGetVEID): Avoid lost integer overflow detection.
>> (openvzAssignUUIDs): Likewise, and detect readdir failure.
>> ---
>>
>> v2: new patch; plugs a potential security hole, since
>> *scanf("%s",fixed_width_buffer) is exploitable, but the
>> exploit could only happen if /usr/sbin/vzlist is compromised.
>>
>> src/openvz/openvz_conf.c | 39 +++++++++++++++++++++++++--------------
>> 1 files changed, 25 insertions(+), 14 deletions(-)
>>
>
> ACK.
Thanks; I've pushed the series.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20101207/8eb33d8c/attachment-0001.sig>
More information about the libvir-list
mailing list