Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
Laine Stump 0869cab5fe util: eliminate "use after free" in callers of virNetDevLinkDump
virNetDevLinkDump() gets a message from netlink into "resp", then
calls nlmsg_parse() to fill the table "tb" with pointers into resp. It
then returns tb to its caller, but not before freeing the buffer at
resp. That means that all the callers of virNetDevLinkDump() are
examining memory that has already been freed. This can be verified by
filling the buffer at resp with garbage prior to freeing it (or, I
suppose, just running libvirtd under valgrind) then performing some
operation that calls virNetDevLinkDump().

The upstream commit log incorrectly states that the code has been like
this ever since virNetDevLinkDump() was written. In reality, the
problem was introduced with commit e95de74d, first in libvirt-1.0.5,
which was attempting to eliminate a typecast that caused compiler
warnings. It has only been pure luck (or maybe a lack of heavy load,
and/or maybe an allocation algorithm in malloc() that delays re-use of
just-freed memory) that has kept this from causing errors, for example
when configuring a PCI passthrough or macvtap passthrough network
interface.

The solution taken in this patch is the simplest - just return resp to
the caller along with tb, then have the caller free it after they are
finished using the data (pointers) in tb. I alternately could have
made a cleaner interface by creating a new struct that put tb and resp
together along with a vir*Free() function for it, but this function is
only used in a couple places, and I'm not sure there will be
additional new uses of virNetDevLinkDump(), so the value of adding a
new type, extra APIs, etc. is dubious.

(cherry picked from commit f9f9699f40)

Conflicts:
	src/util/virnetdevvportprofile.c - whitespace/copyright change
2014-11-13 13:05:41 -05:00
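
The ownership bug the commit message describes, reduced to a self-contained sketch. This is an added example, not libvirt code: the {type, len, value} layout, the sample bytes and the names parse_attrs, link_dump_fixed, link_dump_buggy and get_mtu are assumptions standing in for the netlink reply, nlmsg_parse() and virNetDevLinkDump().

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define ATTR_MAX 4   /* hypothetical attribute ids 1..4 */

/* Constructed {type, len, value...} reply standing in for the netlink message. */
static const uint8_t sample_reply[] = { 1, 4, 'e', 't', 'h', '0', 3, 2, 0x05, 0xdc };

/* Fill tb[] with pointers INTO buf, the way nlmsg_parse() points tb into resp. */
int parse_attrs(const uint8_t *buf, size_t len, const uint8_t **tb)
{
    size_t off = 0;
    memset(tb, 0, (ATTR_MAX + 1) * sizeof(*tb));
    for (; off + 2 <= len; off += 2 + (size_t)buf[off + 1]) {
        if (off + 2 + buf[off + 1] > len)
            return -1;                        /* truncated attribute */
        if (buf[off] >= 1 && buf[off] <= ATTR_MAX)
            tb[buf[off]] = buf + off;         /* points at the {type, len} header */
    }
    return off == len ? 0 : -1;
}

/* AFTER (the fix): resp is returned alongside tb[]; the caller must free it. */
int link_dump_fixed(const uint8_t **tb, uint8_t **resp_out)
{
    *resp_out = malloc(sizeof(sample_reply));
    if (!*resp_out)
        return -1;
    memcpy(*resp_out, sample_reply, sizeof(sample_reply));
    return parse_attrs(*resp_out, sizeof(sample_reply), tb);
}

/* BEFORE (the bug): resp is freed before returning, so every tb[] entry dangles. */
int link_dump_buggy(const uint8_t **tb)
{
    uint8_t *resp = NULL;
    int rc = link_dump_fixed(tb, &resp);
    free(resp);                               /* callers now read freed memory */
    return rc;
}

/* Caller under the fixed interface: read through tb[] first, free resp last. */
int get_mtu(void)
{
    const uint8_t *tb[ATTR_MAX + 1];
    uint8_t *resp = NULL;
    int mtu = -1;
    if (link_dump_fixed(tb, &resp) == 0 && tb[3] && tb[3][1] == 2)
        mtu = (tb[3][2] << 8) | tb[3][3];
    free(resp);
    return mtu;
}
int main(void) { return get_mtu() == 1500 ? 0 : 1; }
```

link_dump_buggy() is defined only for comparison and is never called; dereferencing its tb[] entries is undefined behaviour, which a build with -fsanitize=address or a run under valgrind reports as a read of freed heap memory.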
.gnulib@644c40496c maint: update to latest gnulib 2013-07-29 15:59:14 -06:00
build-aux Document bracket whitespace rules & add syntax-check rule 2012-11-02 14:00:32 +00:00
daemon Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) 2013-09-18 14:03:38 -06:00
docs docs: publish correct enum values 2014-06-26 17:08:15 -06:00
examples examples: fix mingw build vs. printf 2013-07-29 16:20:29 -06:00
gnulib build: fix 'make check' with newer git 2014-07-02 22:19:11 -06:00
include Add a virGetLastErrorMessage() function 2013-06-12 16:37:55 -04:00
m4 Fix build with clang 2013-07-29 15:59:21 -06:00
po Prep for release 1.0.5.9 2014-01-16 20:33:29 -05:00
python Return right error code for baselineCPU 2013-12-14 13:39:20 -05:00
src util: eliminate "use after free" in callers of virNetDevLinkDump 2014-11-13 13:05:41 -05:00
tests Don't ignore errors parsing nwfilter rules 2014-02-06 15:05:31 +02:00
tools libvirt-guests: Run only after libvirtd 2013-11-20 09:04:09 -05:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore Add a test suite for cgroups functionality 2013-04-15 17:35:31 +01:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Add John Ferlan to the committers list 2013-02-05 10:59:32 -05:00
autobuild.sh Disable static libraries by default 2013-04-03 11:02:27 +01:00
autogen.sh build: honor autogen.sh --no-git 2013-07-29 15:58:59 -06:00
bootstrap maint: update to latest gnulib 2013-07-29 15:59:14 -06:00
bootstrap.conf maint: update to latest gnulib 2013-07-29 15:59:14 -06:00
cfg.mk build: honor autogen.sh --no-git 2013-07-29 15:58:59 -06:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
configure.ac Prep for release 1.0.5.9 2014-01-16 20:33:29 -05:00
COPYING.LIB Update to COPYING.LIB to latest LGPLv2.1 copy 2013-03-15 10:50:32 +01:00
HACKING Fix minor typos in messages and docs 2014-02-18 17:37:25 +00:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in Prep for release 1.0.5.9 2014-01-16 20:33:29 -05:00
Makefile.am build: Fix AUTHORS generation 2012-12-17 21:17:55 +01:00
Makefile.nonreentrant Ban use of all inet_* functions 2010-10-22 11:59:23 +01:00
mingw-libvirt.spec.in test: Return Libvirt logo as domain screenshot 2013-04-02 14:38:56 +02:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
run.in run: license as LGPL 2013-02-23 14:03:19 -07:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aims at providing
a long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>