[libvirt] [PATCH] qemu: avoid leaking uninit data from hotplug to dumpxml

Eric Blake eblake at redhat.com
Mon Oct 24 21:01:56 UTC 2011


On 10/24/2011 04:14 AM, Michal Privoznik wrote:
> On 22.10.2011 01:16, Eric Blake wrote:
>> Detected by Coverity.  Both text and JSON monitors set only the
>> bus and unit fields, which means driveAddr.controller spends
>> life as garbage on the stack, and is then memcpy()'d into the
>> in-memory representation which the user can see via dumpxml.
>>
>> * src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy
>> defined fields.
>> ---
>>
>> I have to admit that Coverity is good - it took me several minutes
>> to follow the trail down to qemu_monitor_{text,json}.c and prove to
>> myself that driveAddr.controller really is untouched on success.
>>
>> I didn't actually try to exploit this one - it depends on whatever
>> is already on the stack, and your compiler optimization levels,
>> before you would ever see dumpxml giving bogus information in
>> the <address controller='garbage'> field of the hotplugged <disk>.
>>
>>   src/qemu/qemu_hotplug.c |    3 ++-
>>   1 files changed, 2 insertions(+), 1 deletions(-)
>>
>
> ACK

Thanks; pushed.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
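The defect described in the thread, reduced to a constructed C example (not libvirt's code): a monitor-reply parser that fills only `bus` and `unit`, a whole-struct `memcpy()` that carries the untouched `controller` field along with them, and the field-by-field copy that matches the patch's "only copy defined fields". The struct and function names are stand-ins; the caller-supplied scratch struct is pre-filled with a sentinel to make the leak observable without relying on real stack garbage.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the drive address; not libvirt's real struct. */
typedef struct { uint32_t controller, bus, unit; } drive_addr;

/* Constructed stand-in for the monitor reply parser: as the patch describes,
 * it sets only bus and unit and never writes controller. */
static int monitor_get_drive_addr(drive_addr *out)
{
    out->bus = 0;
    out->unit = 3;
    return 0;
}

/* Buggy pattern: memcpy() of the whole local struct carries whatever was in
 * the untouched controller field into the long-lived definition. The local
 * is passed in by the caller so a test can pre-fill it with a known sentinel
 * instead of depending on real stack garbage (undefined behaviour). */
int attach_disk_buggy(drive_addr *def, drive_addr *scratch)
{
    if (monitor_get_drive_addr(scratch) < 0)
        return -1;
    memcpy(def, scratch, sizeof(*def));   /* leaks scratch->controller */
    return 0;
}

/* Fixed pattern: copy only the fields the monitor actually defined. */
int attach_disk_fixed(drive_addr *def, drive_addr *scratch)
{
    if (monitor_get_drive_addr(scratch) < 0)
        return -1;
    def->bus = scratch->bus;
    def->unit = scratch->unit;
    return 0;
}

int main(void)
{
    drive_addr def = { .controller = 1 }, scratch;
    memset(&scratch, 0xAA, sizeof(scratch));   /* simulated stack garbage */
    attach_disk_buggy(&def, &scratch);
    printf("buggy: controller=%u\n", (unsigned)def.controller);
    def.controller = 1;
    attach_disk_fixed(&def, &scratch);
    printf("fixed: controller=%u\n", (unsigned)def.controller);
    return 0;
}
```

In real builds the garbage value depends on prior stack contents and optimization level, which is why tools like Coverity or MemorySanitizer catch this class of bug more reliably than testing does.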