qemu restore: don't let corrupt input provoke unwarranted OOM

* src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file
(in particular, a too-large header.xml_len value) would cause an
unwarranted out-of-memory error.  Do not trust the just-read
header.xml_len.  Instead, merely use that as a hint, and
read/allocate up to that number of bytes from the file.
Also verify that header.xml_len is positive; if it were negative,
passing it to virFileReadLimFD could cause trouble.
This commit is contained in:
Jim Meyering 2010-03-03 11:27:16 +01:00
parent 32884a7ef6
commit 1a4d5c9543

View File

@ -5117,12 +5117,13 @@ static int qemudDomainRestore(virConnectPtr conn,
goto cleanup;
}
if (VIR_ALLOC_N(xml, header.xml_len) < 0) {
virReportOOMError();
if (header.xml_len <= 0) {
qemuReportError(VIR_ERR_OPERATION_FAILED,
_("invalid XML length: %d"), header.xml_len);
goto cleanup;
}
if (saferead(fd, xml, header.xml_len) != header.xml_len) {
if (virFileReadLimFD(fd, header.xml_len, &xml) != header.xml_len) {
qemuReportError(VIR_ERR_OPERATION_FAILED,
"%s", _("failed to read XML"));
goto cleanup;