External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-26 07:36:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

uml: sanity check external data before using it

Browse Source 
Otherwise, a malicious packet could cause a DoS via spurious
out-of-memory failure.

* src/uml/uml_driver.c (umlMonitorCommand): Validate that incoming
data is reliable before using it to allocate/dereference memory.
Don't report bogus errno on short read.
Reported by Jim Meyering.
This commit is contained in:
Eric Blake 2010-03-03 09:31:02 -07:00
parent d0dabc2bf8
commit 582c75ec45
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/uml/uml_driver.c
View File

@ -734,15 +734,15 @@ static int umlMonitorCommand(const struct uml_driver *driver,
if (nbytes < 0) { if (nbytes < 0) {
if (errno == EAGAIN || errno == EINTR) if (errno == EAGAIN || errno == EINTR)
continue; continue;
virReportSystemError(errno, virReportSystemError(errno, _("cannot read reply %s"), cmd);
_("cannot read reply %s"),
cmd);
goto error; goto error;
} }
if (nbytes < sizeof res) { if (nbytes < sizeof res) {
virReportSystemError(errno, virReportSystemError(0, _("incomplete reply %s"), cmd);
_("incomplete reply %s"), goto error;
cmd); }
if (sizeof res.data < res.length) {
virReportSystemError(0, _("invalid length in reply %s"), cmd);
goto error; goto error;
} }