[Libvir] [PATCH] properly check buffer size in virDomainXMLDevID

As promised, a patch to protect the 80-character "device id" buffer from overflow by the unbounded "device=" XML attribute. Before, a large "device" attribute gave a stack overflow error; now it merely results in an obscure (but non-fatal) xend error like so:

libvir: Xen Daemon error : POST operation failed: (xend.err "invalid literal for int() with base 10: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")

(the long string of "x"es was my way of overflowing the buffer).

Please ACK...

--Hugh

--
Red Hat Virtualization Group http://redhat.com/virtualization
Hugh Brock | virt-manager http://virt-manager.org
hbrock@redhat.com | virtualization library http://libvirt.org

Hugh Brock wrote:
> As promised, a patch to protect the 80-character "device id" buffer from overflow by the unbounded "device=" XML attribute. Before, a large "device" attribute gave a stack overflow error; now it merely results in an obscure (but non-fatal) xend error like so:
> libvir: Xen Daemon error : POST operation failed: (xend.err "invalid literal for int() with base 10: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")
> (the long string of "x"es was my way of overflowing the buffer).
> Please ACK...

+1

Rich.

--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903

Richard W.M. Jones wrote:
> Hugh Brock wrote:
>> As promised, a patch to protect the 80-character "device id" buffer from overflow by the unbounded "device=" XML attribute. Before, a large "device" attribute gave a stack overflow error; now it merely results in an obscure (but non-fatal) xend error like so:
>> libvir: Xen Daemon error : POST operation failed: (xend.err "invalid literal for int() with base 10: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")
>> (the long string of "x"es was my way of overflowing the buffer).
>> Please ACK...
> +1
> Rich.

If someone could commit this please I would greatly appreciate it...

thanks,
--Hugh

Hugh Brock wrote:
> Richard W.M. Jones wrote:
>> Hugh Brock wrote:
>>> As promised, a patch to protect the 80-character "device id" buffer from overflow by the unbounded "device=" XML attribute. Before, a large "device" attribute gave a stack overflow error; now it merely results in an obscure (but non-fatal) xend error like so:
>>> libvir: Xen Daemon error : POST operation failed: (xend.err "invalid literal for int() with base 10: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'")
>>> (the long string of "x"es was my way of overflowing the buffer).
>>> Please ACK...
>> +1
>> Rich.
> If someone could commit this please I would greatly appreciate it...
> thanks, --Hugh

Done.

Rich.
participants (2): Hugh Brock, Richard W.M. Jones
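
The kind of length check the first message describes, as an added example that is not the patch from this thread and not libvirt code. Only the 80-byte buffer size comes from the thread; the function names, the rejection of empty values and the clear-on-failure behaviour are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define DEVICE_ID_LEN 80  /* buffer size stated in the thread */

/* Hypothetical "before": copies the attribute with no length check, so any
 * value of 80 bytes or more writes past the end of ref. Shown for contrast
 * only; nothing here calls it. */
void copy_device_id_unchecked(char ref[DEVICE_ID_LEN], const char *attr)
{
    strcpy(ref, attr);
}

/* Hypothetical "after": refuses values that do not fit, terminator included.
 * Returns 0 on success, -1 on a NULL, empty or oversized attribute (treating
 * an empty value as invalid is an assumption). On failure ref is set to the
 * empty string so a partial id is never used by the caller. */
int copy_device_id(char *ref, size_t ref_len, const char *attr)
{
    size_t n;

    if (ref == NULL || ref_len == 0)
        return -1;
    ref[0] = '\0';
    if (attr == NULL)
        return -1;
    n = strlen(attr);
    if (n == 0 || n >= ref_len)   /* ref_len - 1 is the longest that fits */
        return -1;
    memcpy(ref, attr, n + 1);     /* n + 1 also copies the terminating NUL */
    return 0;
}

/* Constructed input: a long run of 'x', as used in the thread, must be
 * rejected; the same run cut to 79 bytes must be accepted. */
int demo(void)
{
    char ref[DEVICE_ID_LEN];
    char big[201];

    memset(big, 'x', 200);
    big[200] = '\0';
    if (copy_device_id(ref, sizeof ref, big) != -1 || ref[0] != '\0')
        return 1;
    big[DEVICE_ID_LEN - 1] = '\0';            /* now exactly 79 bytes */
    return copy_device_id(ref, sizeof ref, big) == 0 ? 0 : 1;
}

int main(void) { return demo(); }
```

Rejecting the oversized value at the point of the copy, rather than truncating it, keeps a shortened id from being passed on as if it were the one the caller supplied.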