On 08/19/2013 05:16 AM, Daniel P. Berrange wrote:
>>> + remote_domain_ip_addr ip_addrs<>;
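Review bot: `ip_addrs<>` in this line puts no upper bound on the element count. Put an explicit maximum inside the angle brackets, defined as a named limit next to the struct, so the decoder can reject an oversized count before it allocates.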
>> Use of <> *NOT* allowed - this is a security flaw allowing the client
>> to trigger DOS on libvirtd allocating memory. Follow the examples of
>> other APIs which set an explicit limit.
>
> In that case, we have a bug on APIs like listAllDomains too, as they use
> variable-length array too.
Sigh. In future please don't report security problems like that on this
mailing list. We have a dedicated security list for responsible disclosure
of issues in libvirt released code.

I don't see this as a security decision. Our choice to use <> in
listAllDomains was conscious, and discussed on this list - we are saved
by the fact that the overall RPC code is still bounded in size, and that
limiting the length of the list did not buy us any more security than
what we got by cramming in the maximum number of possible results into
the overall size of the RPC call.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
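
The two bounds discussed in this thread, as an added example that is not libvirt's code: a decoder for an XDR variable-length array that rejects a count above an explicit limit, and a count that the bytes actually received cannot hold, before it allocates anything. `MSG_MAX`, `ADDR_MAX`, `decode_array` and the 4-byte element type are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MSG_MAX   (4u * 1024 * 1024) /* hypothetical cap on one RPC message */
#define ADDR_MAX  2048u              /* hypothetical explicit per-array limit */
#define ELEM_WIRE 4u                 /* each element is one 4-byte XDR uint */

/* Read a big-endian 32-bit XDR integer. */
static uint32_t xdr_u32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode "unsigned int v<limit>" from buf[0..len).
 * limit == 0 models "<>" (no explicit bound in the protocol file).
 * Returns the element count, or -1 if the input is rejected. */
long decode_array(const unsigned char *buf, size_t len,
                  uint32_t limit, uint32_t **out) {
    *out = NULL;
    if (len > MSG_MAX || len < 4) return -1;    /* overall message cap */
    uint32_t n = xdr_u32(buf);                  /* sender-supplied count */
    if (limit != 0 && n > limit) return -1;     /* explicit per-array limit */
    if (n > (len - 4) / ELEM_WIRE) return -1;   /* count must fit the bytes received */
    uint32_t *v = malloc((n ? n : 1) * sizeof(*v));
    if (!v) return -1;
    for (uint32_t i = 0; i < n; i++)
        v[i] = xdr_u32(buf + 4 + (size_t)i * ELEM_WIRE);
    *out = v;
    return (long)n;
}

int main(void) {
    /* Constructed sample messages: an honest 2-element array, and an
     * 8-byte message whose count field claims 0xffffffff elements. */
    unsigned char ok[]  = {0,0,0,2, 0,0,0,7, 0,0,0,9};
    unsigned char lie[] = {0xff,0xff,0xff,0xff, 0,0,0,1};
    uint32_t *v;
    printf("honest, <>:      %ld\n", decode_array(ok, sizeof ok, 0, &v));  free(v);
    printf("honest, limit 1: %ld\n", decode_array(ok, sizeof ok, 1, &v));  free(v);
    printf("lying,  <>:      %ld\n", decode_array(lie, sizeof lie, 0, &v)); free(v);
    return 0;
}
```

With `<>` the only protection is the check of the count against the bytes received under the message cap; the explicit limit rejects the same input earlier and independently of the message size.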