[libvirt] [PATCH] virDomainSendKey: validate codeset argument

Ilias Stamatis stamatis.iliass at gmail.com
Sat Jun 1 12:40:12 UTC 2019


This argument wasn't validated anywhere, neither in the generic
implementation nor in the individual drivers. As a result a call to this
function with a large enough codeset value prior to this change causes
libvirtd to crash.

This happens because all drivers call virKeycodeValueTranslate which
uses codeset as an index to the virKeymapValues array, causing an
out-of-bounds error.

Signed-off-by: Ilias Stamatis <stamatis.iliass at gmail.com>
---
 src/libvirt-domain.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index df7e405b3e..c09448927b 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -6837,6 +6837,13 @@ virDomainSendKey(virDomainPtr domain,
     virCheckNonNullArgGoto(keycodes, error);
     virCheckPositiveArgGoto(nkeycodes, error);
 
+    if (codeset >= VIR_KEYCODE_SET_LAST) {
+        virReportInvalidArg(codeset,
+                            _("codeset must be less than %d"),
+                            VIR_KEYCODE_SET_LAST);
+        goto error;
+    }
+
     if (nkeycodes > VIR_DOMAIN_SEND_KEY_MAX_KEYS) {
         virReportInvalidArg(nkeycodes,
                             _("nkeycodes must be <= %d"),
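Review bot: the `codeset >= VIR_KEYCODE_SET_LAST` test added ahead of the nkeycodes check covers only this public entry point, while the commit message locates the out-of-bounds index inside virKeycodeValueTranslate, which stays unchecked. Consider also having virKeycodeValueTranslate reject an out-of-range codeset before it indexes virKeymapValues, so that any caller that does not come through virDomainSendKey is covered too. The comparison bounds only the upper side, so it relies on codeset being an unsigned type, which this hunk does not show; if it is signed, a lower-bound test is needed as well. A regression test that passes codeset equal to VIR_KEYCODE_SET_LAST and expects the invalid-argument error would pin the behaviour down.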
-- 
2.21.0



