[libvirt] [PATCHv2 2/2] openvz: avoid potential buffer overflow
Matthias Bolte
matthias.bolte at googlemail.com
Tue Dec 7 21:49:18 UTC 2010
2010/12/7 Eric Blake <eblake at redhat.com>:
> * src/openvz/openvz_conf.c (openvzLoadDomains): Replace unsafe
> sscanf with safe direct parsing.
> (openvzGetVEID): Avoid lost integer overflow detection.
> (openvzAssignUUIDs): Likewise, and detect readdir failure.
> ---
>
> v2: new patch; plugs a potential security hole, since
> *scanf("%s",fixed_width_buffer) is exploitable, but the
> exploit could only happen if /usr/sbin/vzlist is compromised.
>
> src/openvz/openvz_conf.c | 39 +++++++++++++++++++++++++--------------
> 1 files changed, 25 insertions(+), 14 deletions(-)
>
ACK.
Matthias
More information about the libvir-list
mailing list