According to Jim Meyering on 3/3/2010 9:26 AM:
>> Another not-really-urgent fix:
Not sure whether this is 0.7.7 material to plug the crash, or whether it
can wait. Either way,...
Subject: [PATCH] xen: don't let bogus packets trigger
over-allocation and segfault
if (ans.data.arg == -1)
return NULL;
- if (ans.len <= sizeof(virProxyPacket)) {
+ if (ans.len <= sizeof(virProxyPacket)
+ || ans.len > sizeof (ans) - sizeof(virProxyPacket)) {
virProxyError(conn, VIR_ERR_OPERATION_FAILED, __FUNCTION__);
return NULL;
}
xmllen = ans.len - sizeof (virProxyPacket);
if (VIR_ALLOC_N(xml, xmllen+1) < 0) {
virReportOOMError();
return NULL;
}
- memmove (xml, ans.extra.str, xmllen);
+ memcpy (xml, ans.extra.str, xmllen);
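Review bot: The new upper bound on the `ans.len` test looks one header tighter than it needs to be. The following line computes `xmllen = ans.len - sizeof (virProxyPacket)`, so comparing `ans.len` against `sizeof (ans) - sizeof(virProxyPacket)` caps the copied payload at `sizeof (ans)` minus two headers; if `ans.len` is meant to count header plus payload, as that subtraction suggests, `ans.len > sizeof (ans)` would be the exact limit. The stricter test still keeps the `memcpy` from `ans.extra.str` in bounds, so either relax it or add a comment saying the extra margin is deliberate. The subject line also does not mention the `memmove` to `memcpy` switch; a sentence in the log noting that `xml` is freshly allocated by `VIR_ALLOC_N` and so cannot overlap `ans.extra.str` would justify it.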
ACK to all three portions of the squashed patch.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org