Fix array out of bounds in capabilities code parsing

Daniel P. Berrange 2008-04-29 14:13:54 +00:00
parent 1968468ca4
commit b1f791adb0
2 changed files with 16 additions and 8 deletions


@ -1,3 +1,8 @@
Tue Apr 29 10:10:00 EST 2008 Daniel P. Berrange <berrange@redhat.com>
* src/xen_internal.c: Fix array out of bounds access in parsing
capabilities data from Xen
Tue Apr 29 10:06:00 EST 2008 Daniel P. Berrange <berrange@redhat.com> Tue Apr 29 10:06:00 EST 2008 Daniel P. Berrange <berrange@redhat.com>
* docs/formatnetwork.html, docs/formatnetwork.html.in: Added * docs/formatnetwork.html, docs/formatnetwork.html.in: Added


@ -2349,28 +2349,31 @@ xenHypervisorMakeCapabilitiesXML(virConnectPtr conn,
if (regexec (&xen_cap_rec, token, sizeof subs / sizeof subs[0], if (regexec (&xen_cap_rec, token, sizeof subs / sizeof subs[0],
subs, 0) == 0) { subs, 0) == 0) {
int hvm = strncmp (&token[subs[1].rm_so], "hvm", 3) == 0; int hvm = STRPREFIX(&token[subs[1].rm_so], "hvm");
const char *model; const char *model;
int bits, pae = 0, nonpae = 0, ia64_be = 0; int bits, pae = 0, nonpae = 0, ia64_be = 0;
if (strncmp (&token[subs[2].rm_so], "x86_32", 6) == 0) {
if (STRPREFIX(&token[subs[2].rm_so], "x86_32")) {
model = "i686"; model = "i686";
bits = 32; bits = 32;
if (strncmp (&token[subs[3].rm_so], "p", 1) == 0) if (subs[3].rm_so != -1 &&
STRPREFIX(&token[subs[3].rm_so], "p"))
pae = 1; pae = 1;
else else
nonpae = 1; nonpae = 1;
} }
else if (strncmp (&token[subs[2].rm_so], "x86_64", 6) == 0) { else if (STRPREFIX(&token[subs[2].rm_so], "x86_64")) {
model = "x86_64"; model = "x86_64";
bits = 64; bits = 64;
} }
else if (strncmp (&token[subs[2].rm_so], "ia64", 4) == 0) { else if (STRPREFIX(&token[subs[2].rm_so], "ia64")) {
model = "ia64"; model = "ia64";
bits = 64; bits = 64;
if (strncmp (&token[subs[3].rm_so], "be", 2) == 0) if (subs[3].rm_so != -1 &&
STRPREFIX(&token[subs[3].rm_so], "be"))
ia64_be = 1; ia64_be = 1;
} }
else if (strncmp (&token[subs[2].rm_so], "powerpc64", 4) == 0) { else if (STRPREFIX(&token[subs[2].rm_so], "powerpc64")) {
model = "ppc64"; model = "ppc64";
bits = 64; bits = 64;
} else { } else {
@ -2380,7 +2383,7 @@ xenHypervisorMakeCapabilitiesXML(virConnectPtr conn,
/* Search for existing matching (model,hvm) tuple */ /* Search for existing matching (model,hvm) tuple */
for (i = 0 ; i < nr_guest_archs ; i++) { for (i = 0 ; i < nr_guest_archs ; i++) {
if (!strcmp(guest_archs[i].model, model) && if (STREQ(guest_archs[i].model, model) &&
guest_archs[i].hvm == hvm) { guest_archs[i].hvm == hvm) {
break; break;
} }
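Review bot: The new `subs[3].rm_so != -1` guards in the x86_32 and ia64 branches carry no comment saying why -1 can occur, and `subs[1]` and `subs[2]` are still indexed without the same test. regexec() reports rm_so as -1 for a group that took no part in the match, so the old code read `token[-1]` whenever the suffix was absent; a comment such as `/* group 3 is optional; regexec() leaves rm_so == -1 when it did not match */` above each guard would record that. Groups 1 and 2 are presumably mandatory in xen_cap_rec, whose pattern is outside these hunks, and that assumption is worth stating next to the regexec() call. Separately, the powerpc64 branch used to compare only 4 characters and, assuming STRPREFIX compares the whole literal, now requires all of "powerpc64", a behaviour change the commit message does not mention. The enclosing function starts and ends outside the hunks shown.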