[PATCH] qemu_block: Validate number of hosts for iSCSI disk device

An iSCSI device with zero hosts will result in a segmentation fault. This patch adds a check for the number of hosts, which must be one in the case of iSCSI. Minimal reproducing XML: <domain type='qemu'> <name>MyGuest</name> <uuid>4dea22b3-1d52-d8f3-2516-782e98ab3fa0</uuid> <os> <type arch='x86_64'>hvm</type> </os> <memory>4096</memory> <devices> <disk type='network'> <source name='dummy' protocol='iscsi'/> <target dev='vda'/> </disk> </devices> </domain> Signed-off-by: Rayhan Faizel <rayhan.faizel@gmail.com> --- This crashing XML was detected by the WIP fuzzer which is being developed as part of Google Summer of Code 2024. src/qemu/qemu_block.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 738b72d7ea..d6cdf521c4 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -602,6 +602,12 @@ qemuBlockStorageSourceGetISCSIProps(virStorageSource *src, * } */ + if (src->nhosts != 1) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("iSCSI protocol accepts only one host")); + return NULL; + } + target = g_strdup(src->path); /* Separate the target and lun */ -- 2.34.1
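Review bot: the new `if (src->nhosts != 1)` check in qemuBlockStorageSourceGetISCSIProps reports VIR_ERR_INTERNAL_ERROR, yet the reproducer shows the condition is reached from plain domain XML (an iscsi `<source>` with no host), so a configuration-class code such as VIR_ERR_XML_ERROR would tell the user the input is at fault rather than libvirt. The message "iSCSI protocol accepts only one host" also reads as if too many hosts were given, while the crashing case has zero; wording like "iSCSI protocol requires exactly one host" covers both. The diffstat lists only src/qemu/qemu_block.c, so the reproducer XML should be added as a negative test alongside this change.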

On Thu, Jun 06, 2024 at 15:45:16 +0530, Rayhan Faizel wrote:
An iSCSI device with zero hosts will result in a segmentation fault. This patch adds a check for the number of hosts, which must be one in the case of iSCSI.
Minimal reproducing XML:
<domain type='qemu'>
  <name>MyGuest</name>
  <uuid>4dea22b3-1d52-d8f3-2516-782e98ab3fa0</uuid>
  <os>
    <type arch='x86_64'>hvm</type>
  </os>
  <memory>4096</memory>
  <devices>
    <disk type='network'>
      <source name='dummy' protocol='iscsi'/>
      <target dev='vda'/>
    </disk>
  </devices>
</domain>
Please transform this bit into a test case in qemuxmlconftest to see that it's properly rejected.
Signed-off-by: Rayhan Faizel <rayhan.faizel@gmail.com>
---
This crashing XML was detected by the WIP fuzzer which is being developed as part of Google Summer of Code 2024.
src/qemu/qemu_block.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 738b72d7ea..d6cdf521c4 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -602,6 +602,12 @@ qemuBlockStorageSourceGetISCSIProps(virStorageSource *src, * } */
+ if (src->nhosts != 1) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("iSCSI protocol accepts only one host")); + return NULL; + } +
Fix looks good.
target = g_strdup(src->path);
/* Separate the target and lun */ -- 2.34.1
participants (2)
- Peter Krempa
- Rayhan Faizel