mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 14:45:24 +00:00
qemu restore: don't let corrupt input provoke unwarranted OOM
* src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file (in particular, a too-large header.xml_len value) would cause an unwarranted out-of-memory error. Do not trust the just-read header.xml_len. Instead, merely use that as a hint, and read/allocate up to that number of bytes from the file. Also verify that header.xml_len is positive; if it were negative, passing it to virFileReadLimFD could cause trouble.
This commit is contained in:
parent
32884a7ef6
commit
1a4d5c9543
@ -5117,12 +5117,13 @@ static int qemudDomainRestore(virConnectPtr conn,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (VIR_ALLOC_N(xml, header.xml_len) < 0) {
|
||||
virReportOOMError();
|
||||
if (header.xml_len <= 0) {
|
||||
qemuReportError(VIR_ERR_OPERATION_FAILED,
|
||||
_("invalid XML length: %d"), header.xml_len);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (saferead(fd, xml, header.xml_len) != header.xml_len) {
|
||||
if (virFileReadLimFD(fd, header.xml_len, &xml) != header.xml_len) {
|
||||
qemuReportError(VIR_ERR_OPERATION_FAILED,
|
||||
"%s", _("failed to read XML"));
|
||||
goto cleanup;
|
||||
|
Loading…
Reference in New Issue
Block a user