External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 04:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

commandhelper: Make number of fds variable in parseArguments

Browse Source 
Fixes a buffer overflow triggered when more than three "--readfd"
arguments were given on the command line.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Tim Wiederhake 2021-02-01 12:27:59 +01:00 committed by Peter Krempa
parent 8cdbedfdbf
commit a74d283a77
1 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
tests/commandhelper.c
View File

@ -36,7 +36,7 @@ extern char **environ;
# define VIR_FROM_THIS VIR_FROM_NONE # define VIR_FROM_THIS VIR_FROM_NONE
struct Arguments { struct Arguments {
int readfds[3]; int *readfds;
int numreadfds; int numreadfds;
bool daemonize_check; bool daemonize_check;
bool close_stdin; bool close_stdin;
@ -51,6 +51,9 @@ static struct Arguments *parseArguments(int argc, char** argv)
if (!(args = calloc(1, sizeof(*args)))) if (!(args = calloc(1, sizeof(*args))))
goto cleanup; goto cleanup;
if (!(args->readfds = calloc(1, sizeof(*args->readfds))))
goto cleanup;
args->numreadfds = 1; args->numreadfds = 1;
args->readfds[0] = STDIN_FILENO; args->readfds[0] = STDIN_FILENO;
@ -58,6 +61,12 @@ static struct Arguments *parseArguments(int argc, char** argv)
if (STREQ(argv[i - 1], "--readfd")) { if (STREQ(argv[i - 1], "--readfd")) {
char c; char c;
args->readfds = realloc(args->readfds,
(args->numreadfds + 1) *
sizeof(*args->readfds));
if (!args->readfds)
goto cleanup;
if (1 != sscanf(argv[i], "%u%c", if (1 != sscanf(argv[i], "%u%c",
&args->readfds[args->numreadfds++], &c)) { &args->readfds[args->numreadfds++], &c)) {
printf("Could not parse fd %s\n", argv[i]); printf("Could not parse fd %s\n", argv[i]);
@ -76,7 +85,12 @@ static struct Arguments *parseArguments(int argc, char** argv)
if (ret == 0) if (ret == 0)
return args; return args;
if (args) {
if (args->readfds)
free(args->readfds);
free(args); free(args);
}
return NULL; return NULL;
} }
@ -343,8 +357,11 @@ int main(int argc, char **argv) {
ret = EXIT_SUCCESS; ret = EXIT_SUCCESS;
cleanup: cleanup:
if (args) if (args) {
if (args->readfds)
free(args->readfds);
free(args); free(args);
}
if (log) if (log)
fclose(log); fclose(log);
return ret; return ret;