
Peter Krempa (2): conf: Don't overwrite KVM feature config struct if the feature is present twicea virconf: Fix numeric overflow when parsing numbers in conf files src/conf/domain_conf.c | 15 ++++++++------- src/util/virconf.c | 6 ++++++ 2 files changed, 14 insertions(+), 7 deletions(-) -- 2.46.0

Don't allocate the struct if it exists already. This sidesteps the discussion about whether forbidding multiple feature definitions makes sense. Fixes: a8e0f9c682143c63897de5c379d3ac3791c51970 Closes: https://gitlab.com/libvirt/libvirt/-/issues/670 Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/conf/domain_conf.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 5f0b35be5e..a263612ef7 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -16657,10 +16657,12 @@ static int virDomainFeaturesKVMDefParse(virDomainDef *def, xmlNodePtr node) { - g_autofree virDomainFeatureKVM *kvm = g_new0(virDomainFeatureKVM, 1); g_autoptr(GPtrArray) feats = virXMLNodeGetSubelementList(node, NULL); size_t i; + if (!def->kvm_features) + def->kvm_features = g_new0(virDomainFeatureKVM, 1); + for (i = 0; i < feats->len; i++) { xmlNodePtr feat = g_ptr_array_index(feats, i); int feature; @@ -16678,20 +16680,20 @@ virDomainFeaturesKVMDefParse(virDomainDef *def, &value) < 0) return -1; - kvm->features[feature] = value; + def->kvm_features->features[feature] = value; /* dirty ring feature should parse size property */ if (feature == VIR_DOMAIN_KVM_DIRTY_RING && value == VIR_TRISTATE_SWITCH_ON) { if (virXMLPropUInt(feat, "size", 0, VIR_XML_PROP_REQUIRED, - &kvm->dirty_ring_size) < 0) { + &def->kvm_features->dirty_ring_size) < 0) { return -1; } - if (!VIR_IS_POW2(kvm->dirty_ring_size) || - kvm->dirty_ring_size < 1024 || - kvm->dirty_ring_size > 65536) { + if (!VIR_IS_POW2(def->kvm_features->dirty_ring_size) || + def->kvm_features->dirty_ring_size < 1024 || + def->kvm_features->dirty_ring_size > 65536) { virReportError(VIR_ERR_XML_ERROR, "%s", _("dirty ring must be power of 2 and ranges [1024, 65536]")); 
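Review bot: The early `return -1` paths inside the loop now leave `def->kvm_features` allocated and partly filled, whereas the removed `g_autofree` local was released on failure. A short comment at the new allocation would make the ownership explicit, for example `/* <kvm> may appear more than once: reuse the struct; on error it stays owned by def and is released with it */`. That the caller frees `def` after a parse failure is assumed here and is not visible in the hunk. A domain XML test with two `<kvm>` elements would keep issue 670 from regressing.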
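Review bot: Now that the struct is shared across repeated `<kvm>` elements, `dirty_ring_size` is written only when the dirty-ring state is on, so a later element that switches it off leaves the size from the earlier element in place. If any consumer reads the size without first checking `features[VIR_DOMAIN_KVM_DIRTY_RING]` (not visible here), it would see a stale value. Resetting it on the other branch avoids that: `else if (feature == VIR_DOMAIN_KVM_DIRTY_RING) def->kvm_features->dirty_ring_size = 0;`. The end of the enclosing `if` block lies outside the hunk, so the exact placement needs checking against the full function.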
@@ -16701,7 +16703,6 @@ virDomainFeaturesKVMDefParse(virDomainDef *def, } def->features[VIR_DOMAIN_FEATURE_KVM] = VIR_TRISTATE_SWITCH_ON; - def->kvm_features = g_steal_pointer(&kvm); return 0; } -- 2.46.0

On 9/6/24 14:31, Peter Krempa wrote:
Don't allocate the struct if it exists already. This sidesteps the discussion about whether forbidding multiple feature definitions makes sense.
Fixes: a8e0f9c682143c63897de5c379d3ac3791c51970 Closes: https://gitlab.com/libvirt/libvirt/-/issues/670 Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/conf/domain_conf.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-)
s/twicea/twice/ in $SUBJ. Michal

The number is parsed manually without making sure it'll fit. Fixes: 3bbac7cdb67 Closes: https://gitlab.com/libvirt/libvirt/-/issues/671 Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/util/virconf.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/util/virconf.c b/src/util/virconf.c
index 8fdf40e9d0..da07af178d 100644
--- a/src/util/virconf.c
+++ b/src/util/virconf.c
@@ -347,6 +347,12 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val)
 return -1;
 }
 while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) {
+ if (l > LLONG_MAX / 10) {
+ virConfError(ctxt, VIR_ERR_OVERFLOW,
+ _("numeric overflow in conf value"));
+ return -1;
+ }
+
 l = l * 10 + (CUR - '0');
 NEXT;
 }
--
2.46.0
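Review bot: The added guard `if (l > LLONG_MAX / 10)` covers only the multiplication, so the addition in `l = l * 10 + (CUR - '0')` can still overflow when `l` equals `LLONG_MAX / 10` and the next digit is 8 or 9, which is signed overflow and therefore undefined behaviour. Folding the digit into the bound closes the gap: `if (l > (LLONG_MAX - (CUR - '0')) / 10) {`. A conf-parsing test with LLONG_MAX and with LLONG_MAX + 1 as values would pin both sides of the boundary. The rest of virConfParseLong, including how a leading minus sign is applied to `l`, is outside the hunk.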

On 9/6/24 14:31, Peter Krempa wrote:
Peter Krempa (2): conf: Don't overwrite KVM feature config struct if the feature is present twicea virconf: Fix numeric overflow when parsing numbers in conf files
src/conf/domain_conf.c | 15 ++++++++------- src/util/virconf.c | 6 ++++++ 2 files changed, 14 insertions(+), 7 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal