On Sun, Aug 18, 2013 at 03:33:16PM +0800, Osier Yang wrote:
On 15/08/13 17:36, Daniel P. Berrange wrote:
>>diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
>>index 7cfebdf..06929e7 100644
>>--- a/src/remote/remote_protocol.x
>>+++ b/src/remote/remote_protocol.x
>>@@ -2837,6 +2837,27 @@ struct remote_domain_event_device_removed_msg {
>> remote_nonnull_string devAlias;
>> };
>>+struct remote_domain_ip_addr {
>>+ int type;
>>+ remote_nonnull_string addr;
>>+ int prefix;
>>+};
>>+
>>+struct remote_domain_interface {
>>+ remote_nonnull_string name;
>>+ remote_string hwaddr;
>>+ remote_domain_ip_addr ip_addrs<>;
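Review bot: `int prefix;` in `remote_domain_ip_addr` is signed although a prefix length is never negative, and neither it nor `int type;` says which values are valid; consider `unsigned int prefix;` and a comment naming the enum that `type` carries. In `remote_domain_interface`, `ip_addrs<>` declares no maximum element count, so the decoder has no limit to enforce on the count a peer sends; give the array a named maximum. `hwaddr` is a nullable `remote_string` while `name` is `remote_nonnull_string`; a comment saying when the hardware address can be absent would help callers.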
>Use of <> *NOT* allowed - this is a security flaw allowing the client
>to trigger DOS on libvirtd allocating memory. Follow the examples of
>other APIs which set an explicit limit.
In that case, we have a bug in APIs like listAllDomains too, as they use
variable-length arrays too.
Sigh. In future please don't report security problems like that on this
mailing list. We have a dedicated security list for responsible disclosure
of issues in libvirt released code.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
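The allocation concern raised in the review above, as an added example that is not part of the thread or of libvirt's code: a simplified C model of decoding an XDR variable-length array, where `max` plays the role of the limit written between `<` and `>` in the `.x` file. `decode_array`, `EXAMPLE_ADDRS_MAX`, the 32-bit element type and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define EXAMPLE_ADDRS_MAX 2048u   /* hypothetical limit, not from the patch */
#define XDR_NO_LIMIT 0xFFFFFFFFu  /* what a bare "<>" means in XDR */

/* Constructed sample messages (not captured traffic). */
const unsigned char sample_ok[]  = {0,0,0,2, 0,0,0,7, 0,0,0,9};
const unsigned char sample_lie[] = {0,0x0F,0x42,0x40}; /* claims 1,000,000 items */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Simplified model of decoding an XDR variable-length array of 32-bit
 * items: a 4-byte big-endian count, then that many 4-byte elements.
 * Storage is allocated from the declared count before the elements are
 * read; *alloc_req records the bytes requested from the allocator.
 * Returns 0 on success, -1 if the message is rejected. */
int decode_array(const unsigned char *buf, size_t len, uint32_t max,
                 uint32_t **out, uint32_t *count, size_t *alloc_req)
{
    uint32_t n, i, *items;

    *out = NULL; *count = 0; *alloc_req = 0;
    if (len < 4)
        return -1;
    n = be32(buf);
    if (n > max)                      /* the check an explicit limit adds */
        return -1;
    if (n > SIZE_MAX / sizeof(*items))
        return -1;
    *alloc_req = (size_t)n * sizeof(*items);
    items = calloc(n ? n : 1, sizeof(*items));
    if (!items)
        return -1;
    if ((len - 4) / 4 < n) {          /* truncated body: noticed only now */
        free(items);
        return -1;
    }
    for (i = 0; i < n; i++)
        items[i] = be32(buf + 4 + 4 * (size_t)i);
    *out = items;
    *count = n;
    return 0;
}
```

With `XDR_NO_LIMIT` the four-byte `sample_lie` message makes the decoder request 4,000,000 bytes before it is rejected as truncated; with `EXAMPLE_ADDRS_MAX` it is rejected before any allocation.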