According to Jim Meyering on 3/3/2010 3:38 AM:
> Subject: [PATCH] qemu restore: don't let corrupt input provoke
> unwarranted OOM
> * src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file
> (in particular, a too-large header.xml_len value) would cause an
> unwarranted out-of-memory error. Do not trust the just-read
> header.xml_len. Instead, merely use that as a hint, and
> read/allocate up to that number of bytes from the file.
ACK. The damage of a malicious header is limited to a DoS, and not
arbitrary execution, so I agree that this is not a show-stopper for 0.7.7,
but it is definitely a bug fix.
--
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org
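As an added example (not libvirt's code and not the patch discussed above), here is the hinted-length read the commit message describes, in C: the buffer grows only as bytes actually arrive from the file, so a corrupt header.xml_len cannot provoke a single oversized allocation. The save_stream type, stream_read, last_peak_cap and demo are constructed stand-ins for the file descriptor and sample data.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed in-memory stand-in for the save-file fd (not libvirt code). */
typedef struct { const unsigned char *data; size_t len, pos; } save_stream;

static size_t stream_read(save_stream *s, void *buf, size_t n) {
    size_t avail = s->len - s->pos;
    if (n > avail) n = avail;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return n;
}
static size_t last_peak_cap;  /* largest capacity the last read grew to */

/* Treat header.xml_len as a hint only: grow the buffer in chunks as bytes
 * actually arrive, so a corrupt 4 GiB length against a short file fails after
 * one 4 KiB chunk instead of one huge malloc. NUL-terminated XML or NULL. */
char *read_xml_hinted(save_stream *s, uint32_t xml_len, size_t *out_len) {
    size_t cap = 0, used = 0; char *buf = NULL;
    last_peak_cap = 0;
    while (used < xml_len) {
        if (used == cap) {                   /* buffer full: grow geometrically */
            size_t ncap = cap == 0 ? 4096 : (cap >= xml_len / 2 ? xml_len : cap * 2);
            if (ncap > xml_len) ncap = xml_len;
            char *nbuf = realloc(buf, ncap + 1);         /* +1 for the NUL */
            if (!nbuf) { free(buf); return NULL; }
            buf = nbuf; cap = ncap; last_peak_cap = cap;
        }
        size_t got = stream_read(s, buf + used, cap - used);
        if (got == 0) { free(buf); return NULL; }        /* shorter than claimed: corrupt */
        used += got;
    }
    if (!buf && !(buf = malloc(1))) return NULL;         /* xml_len == 0 */
    buf[used] = '\0';
    if (out_len) *out_len = used;
    return buf;
}

/* Constructed check: a matching xml_len is accepted; a corrupt 0xFFFFFFFF
 * against the same 9-byte payload is rejected after a single 4 KiB chunk. */
int demo(void) {
    static const unsigned char xml[] = "<domain/>";
    save_stream s1 = { xml, sizeof xml - 1, 0 }, s2 = s1;
    size_t n = 0; char *ok = read_xml_hinted(&s1, 9, &n);
    int good = ok && n == 9 && strcmp(ok, "<domain/>") == 0;
    free(ok);
    char *bad = read_xml_hinted(&s2, 0xFFFFFFFFu, &n);
    free(bad);
    return good && bad == NULL && last_peak_cap == 4096;
}
```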