The number is parsed manually without making sure it'll fit.
Fixes: 3bbac7cdb67
Closes:
https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/util/virconf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/util/virconf.c b/src/util/virconf.c
index 8fdf40e9d0..da07af178d 100644
--- a/src/util/virconf.c
+++ b/src/util/virconf.c
@@ -347,6 +347,12 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val)
return -1;
}
while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) {
+ if (l > LLONG_MAX / 10) {
+ virConfError(ctxt, VIR_ERR_OVERFLOW,
+ _("numeric overflow in conf value"));
+ return -1;
+ }
+
l = l * 10 + (CUR - '0');
NEXT;
}
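Review bot: The new guard `if (l > LLONG_MAX / 10)` covers only the multiplication, so the addition in `l = l * 10 + (CUR - '0');` can still overflow: when `l` equals `LLONG_MAX / 10` and the next digit is 8 or 9, the sum exceeds `LLONG_MAX`, which is signed overflow (undefined behaviour) on attacker- or admin-supplied config text. Folding the digit into the bound closes that gap in the same check: `if (l > (LLONG_MAX - (CUR - '0')) / 10) {`. The function body starts and ends outside this hunk, so how the sign is applied afterwards is not visible here; if a leading minus is negated later, it is worth confirming that path needs no separate bound. A test case with a 19-digit value just above `LLONG_MAX` (constructed example: 9223372036854775808) would pin the boundary.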
--
2.46.0