
On 6. 3. 2020 14:28, Daniel P. Berrangé wrote:
In the following recent change:
  commit db72866310d1e520efa8ed2d4589bdb5e76a1c95
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Tue Jan 14 10:40:52 2020 +0000

    util: add API for reading password from the console

the fact that "bufptr" pointer may point to either heap or stack allocated data was overlooked. As a result, when the strdup was removed, we ended up returning a pointer to the local stack to the caller. When the caller referenced this stack pointer they got out garbage which fairly quickly resulted in a crash.
We need to copy the stack buffer into heap memory in the username case.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
Changed in v2:
- Keep use of fgets for mingw portability, but strdup the static buffer
 src/libvirt.c        |  5 ++--
 tests/Makefile.am    |  2 ++
 tests/virsh-auth     | 57 ++++++++++++++++++++++++++++++++++++++++++++
 tests/virsh-auth.xml |  5 ++++
 4 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100755 tests/virsh-auth
 create mode 100644 tests/virsh-auth.xml
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal
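
The pattern the commit message describes, reduced to a stand-alone C sketch (an added example, not libvirt's code and not part of the original mail): one `bufptr` is fed from a heap-returning helper in one branch and from a stack buffer in the other, so the stack branch must copy to the heap before returning. `read_credential`, `read_secret`, `credential_equals` and `CRED_MAX` are hypothetical names, and the copy is written with `malloc`/`strcpy` where the patch uses strdup.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CRED_MAX 1024

static char *read_secret(FILE *in)    /* hypothetical: returns heap memory */
{
    char *line = malloc(CRED_MAX);
    if (line && !fgets(line, CRED_MAX, in)) {
        free(line);
        line = NULL;
    }
    return line;
}

char *read_credential(FILE *in, int is_secret)   /* caller must free() */
{
    char buf[CRED_MAX];               /* stack storage, gone once we return */
    char *bufptr = NULL;
    if (is_secret) {
        bufptr = read_secret(in);     /* already points at heap memory */
    } else if (fgets(buf, sizeof(buf), in)) {
        /* before the fix: bufptr = buf;  (dangling once we return) */
        bufptr = malloc(strlen(buf) + 1);   /* heap copy, as strdup makes */
        if (bufptr)
            strcpy(bufptr, buf);
    }
    if (bufptr)
        bufptr[strcspn(bufptr, "\n")] = '\0';   /* drop trailing newline */
    return bufptr;
}

int credential_equals(const char *input, int is_secret, const char *expected)
{
    FILE *in = tmpfile();
    if (!in)
        return 0;
    fputs(input, in);                 /* constructed sample input */
    rewind(in);
    char *got = read_credential(in, is_secret);
    fclose(in);
    int ok = got != NULL && strcmp(got, expected) == 0;
    free(got);                        /* valid for both branches after the fix */
    return ok;
}

int main(void)
{
    return credential_equals("alice\n", 0, "alice") ? 0 : 1;  /* 0 on success */
}
```

With the "before" assignment in place of the copy, the caller's `strcmp` reads a dead stack frame and its `free()` is handed a non-heap pointer; building with `-fsanitize=address` reports the bad `free()`.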