Fixes a buffer overflow triggered when more than three "--readfd"
arguments were given on the command line.
Signed-off-by: Tim Wiederhake <twiederh(a)redhat.com>
---
tests/commandhelper.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/tests/commandhelper.c b/tests/commandhelper.c
index 72a3e89da1..6d5fe04042 100644
--- a/tests/commandhelper.c
+++ b/tests/commandhelper.c
@@ -36,7 +36,7 @@ extern char **environ;
# define VIR_FROM_THIS VIR_FROM_NONE
struct Arguments {
- int readfds[3];
+ int *readfds;
int numreadfds;
bool daemonize_check;
bool close_stdin;
@@ -51,6 +51,9 @@ static struct Arguments *parseArguments(int argc, char** argv)
if (!(args = calloc(1, sizeof(*args))))
goto cleanup;
+ if (!(args->readfds = calloc(1, sizeof(*args->readfds))))
+ goto cleanup;
+
args->numreadfds = 1;
args->readfds[0] = STDIN_FILENO;
@@ -58,6 +61,12 @@ static struct Arguments *parseArguments(int argc, char** argv)
if (STREQ(argv[i - 1], "--readfd")) {
char c;
+ args->readfds = realloc(args->readfds,
+ (args->numreadfds + 1) *
+ sizeof(*args->readfds));
+ if (!args->readfds)
+ goto cleanup;
+
if (1 != sscanf(argv[i], "%u%c",
&args->readfds[args->numreadfds++], &c)) {
printf("Could not parse fd %s\n", argv[i]);
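Review bot: Assigning the result of `realloc` straight back to `args->readfds` loses the old buffer when the call fails: the pointer becomes NULL, so the release code reached through `goto cleanup` (presumably the block at the end of the function) has nothing to free and the original allocation leaks. Hold the result in a temporary first: `int *tmp = realloc(args->readfds, (args->numreadfds + 1) * sizeof(*tmp));`, then `if (!tmp) goto cleanup;` and `args->readfds = tmp;`. The enclosing loop and the rest of parseArguments lie outside this hunk.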
@@ -76,7 +85,12 @@ static struct Arguments *parseArguments(int argc, char** argv)
if (ret == 0)
return args;
- free(args);
+ if (args) {
+ if (args->readfds)
+ free(args->readfds);
+ free(args);
+ }
+
return NULL;
}
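Review bot: On the success path `return args;` now hands the caller a struct that owns a separate heap buffer, but no hunk in this patch touches the code that releases `args`. If the caller frees the struct, `readfds` presumably leaks there; that code is not visible here and should be checked for a matching `free(args->readfds);`. Separately, the inner `if (args->readfds)` guard is unnecessary because `free(NULL)` is a no-op, so the block can be reduced to `if (args) { free(args->readfds); free(args); }`. The start of parseArguments is outside this hunk.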
--
2.26.2