On 09/20/2017 06:48 AM, Jiri Denemark wrote:
After commit 8708ca01c0d libvirtd consistently aborts with
"stack smashing detected" when nodedev driver is initialized.
Apparently this is caused by nlmsg_parse trying to write more than
CTRL_ATTR_MAX bytes in tb because it is told tb can accommodate
CTRL_CMD_MAX bytes.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/util/virnetdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Including the original author on the reply...
Is it possible that instead, the:
if (nlmsg_parse(resp, sizeof(struct nlmsghdr), tb, CTRL_CMD_MAX,
NULL) < 0)
should use CTRL_ATTR_MAX?
If I look at virNetDevSwitchdevFeature it has :
struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {NULL, };
and uses:
if (nlmsg_parse(resp, sizeof(struct genlmsghdr), tb,
DEVLINK_ATTR_MAX, NULL)
John
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index 41a659732b..be8f4b7938 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -3158,7 +3158,7 @@ virNetDevGetFamilyId(const char *family_name)
struct nl_msg *nl_msg = NULL;
struct nlmsghdr *resp = NULL;
struct genlmsghdr* gmsgh = NULL;
- struct nlattr *tb[CTRL_ATTR_MAX + 1] = {NULL, };
+ struct nlattr *tb[CTRL_CMD_MAX + 1] = {NULL, };
unsigned int recvbuflen;
uint32_t family_id = 0;