
3 Mar 2010, 5:16 p.m.
According to Jim Meyering on 3/3/2010 3:38 AM:
> Subject: [PATCH] qemu restore: don't let corrupt input provoke unwarranted OOM
>
> * src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file (in particular, a too-large header.xml_len value) would cause an unwarranted out-of-memory error. Do not trust the just-read header.xml_len. Instead, merely use that as a hint, and read/allocate up to that number of bytes from the file.
ACK. The damage of a malicious header is limited to a DoS, and not arbitrary execution, so I agree that this is not a show-stopper for 0.7.7, but it is definitely a bug fix.

--
Eric Blake   eblake@redhat.com   +1-801-349-2682
Libvirt virtualization library http://libvirt.org
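The approach the commit message describes, using the stored length only as an upper bound on the read rather than as an allocation size, shown as an added example in C. It is not libvirt's code; `read_up_to`, `demo` and `CHUNK` are names assumed for this illustration, and the input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 4096 /* first allocation size; value chosen for this example */

/* Read at most `hint` bytes from fp. `hint` is the length claimed by an
 * untrusted header, so it only caps the read: memory grows with the bytes
 * actually present. Returns 0 and sets *out (caller frees) and *got, or -1. */
static int read_up_to(FILE *fp, size_t hint, char **out, size_t *got)
{
    char *buf = NULL;
    size_t cap = 0, len = 0;

    while (len < hint) {
        if (len == cap) { /* buffer full: double it, never beyond hint */
            size_t ncap = cap == 0 ? CHUNK : (cap > hint / 2 ? hint : cap * 2);
            if (ncap > hint) ncap = hint;
            char *tmp = realloc(buf, ncap);
            if (!tmp) { free(buf); return -1; }
            buf = tmp; cap = ncap;
        }
        len += fread(buf + len, 1, cap - len, fp);
        if (len < cap) { /* short read: EOF or I/O error */
            if (ferror(fp)) { free(buf); return -1; }
            break;
        }
    }
    *out = buf; *got = len;
    return 0;
}

/* Constructed input: a temp file holding `data`, header claiming `claimed`. */
static size_t demo(const char *data, size_t claimed)
{
    FILE *fp = tmpfile();
    char *xml = NULL;
    size_t got = 0;
    if (!fp) return (size_t)-1;
    fwrite(data, 1, strlen(data), fp);
    rewind(fp);
    if (read_up_to(fp, claimed, &xml, &got) < 0) got = (size_t)-1;
    free(xml);
    fclose(fp);
    return got;
}

int main(void)
{   /* 9 bytes on disk, corrupt header claiming half the address space */
    printf("%zu\n", demo("<domain/>", (size_t)-1 / 2));
    return 0;
}
```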