[libvirt] [PATCH] qemu restore: don't let corrupt input provoke unwarranted OOM
Eric Blake
eblake at redhat.com
Wed Mar 3 16:16:47 UTC 2010
According to Jim Meyering on 3/3/2010 3:38 AM:
> Subject: [PATCH] qemu restore: don't let corrupt input provoke unwarranted OOM
>
> * src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file
> (in particular, a too-large header.xml_len value) would cause an
> unwarranted out-of-memory error. Do not trust the just-read
> header.xml_len. Instead, merely use that as a hint, and
> read/allocate up to that number of bytes from the file.
ACK. The damage of a malicious header is limited to a DoS, and not
arbitrary execution, so I agree that this is not a show-stopper for 0.7.7,
but it is definitely a bug fix.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 320 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100303/3cc1016d/attachment-0001.sig>
More information about the libvir-list
mailing list