Re: [Libvir] [PATCH] properly check buffer size in virDomainXMLDevID
Richard W.M. Jones wrote:
Hugh Brock wrote:
> As promised, a patch to protect the 80-character "device id" buffer
> from overflow by the unbounded "device=" XML attribute. Before, a
> large "device" attribute gave a stack overflow error; now it merely
> results in an obscure (but non-fatal) xend error like so:
>
>
> libvir: Xen Daemon error : POST operation failed: (xend.err "invalid
> literal for int() with base 10:
>
'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")
>
>
> (the long string of "x"es was my way of overflowing the buffer).
>
> Please ACK...
+1
Rich.
If someone could commit this please I would greatly appreciate it...
thanks,
--Hugh
--
Red Hat Virtualization Group http://redhat.com/virtualization
Hugh Brock | virt-manager http://virt-manager.org
hbrock(a)redhat.com | virtualization library http://libvirt.org