mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-12 07:42:56 +00:00
uml: sanity check external data before using it
Otherwise, a malicious packet could cause a DoS via spurious out-of-memory failure. * src/uml/uml_driver.c (umlMonitorCommand): Validate that incoming data is reliable before using it to allocate/dereference memory. Don't report bogus errno on short read. Reported by Jim Meyering.
This commit is contained in:
parent
d0dabc2bf8
commit
582c75ec45
@ -734,15 +734,15 @@ static int umlMonitorCommand(const struct uml_driver *driver,
|
||||
if (nbytes < 0) {
|
||||
if (errno == EAGAIN || errno == EINTR)
|
||||
continue;
|
||||
virReportSystemError(errno,
|
||||
_("cannot read reply %s"),
|
||||
cmd);
|
||||
virReportSystemError(errno, _("cannot read reply %s"), cmd);
|
||||
goto error;
|
||||
}
|
||||
if (nbytes < sizeof res) {
|
||||
virReportSystemError(errno,
|
||||
_("incomplete reply %s"),
|
||||
cmd);
|
||||
virReportSystemError(0, _("incomplete reply %s"), cmd);
|
||||
goto error;
|
||||
}
|
||||
if (sizeof res.data < res.length) {
|
||||
virReportSystemError(0, _("invalid length in reply %s"), cmd);
|
||||
goto error;
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user