External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-10 23:07:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
13,486 Commits 67 Branches 630 Tags 885 MiB
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.6%
Other 0.8%
56f11b41d1
Go to file
Laine Stump 56f11b41d1 util: eliminate "use after free" in callers of virNetDevLinkDump 
virNetDevLinkDump() gets a message from netlink into "resp", then
calls nlmsg_parse() to fill the table "tb" with pointers into resp. It
then returns tb to its caller, but not before freeing the buffer at
resp. That means that all the callers of virNetDevLinkDump() are
examining memory that has already been freed. This can be verified by
filling the buffer at resp with garbage prior to freeing it (or, I
suppose, just running libvirtd under valgrind) then performing some
operation that calls virNetDevLinkDump().

The upstream commit log incorrectly states that the code has been like
this ever since virNetDevLinkDump() was written. In reality, the
problem was introduced with commit e95de74d, first in libvirt-1.0.5,
which was attempting to eliminate a typecast that caused compiler
warnings. It has only been pure luck (or maybe a lack of heavy load,
and/or maybe an allocation algorithm in malloc() that delays re-use of
just-freed memory) that has kept this from causing errors, for example
when configuring a PCI passthrough or macvtap passthrough network
interface.

The solution taken in this patch is the simplest - just return resp to
the caller along with tb, then have the caller free it after they are
finished using the data (pointers) in tb. I alternately could have
made a cleaner interface by creating a new struct that put tb and resp
together along with a vir*Free() function for it, but this function is
only used in a couple places, and I'm not sure there will be
additional new uses of virNetDevLinkDump(), so the value of adding a
new type, extra APIs, etc. is dubious.

(cherry picked from commit f9f9699f40)

Conflicts:
	src/util/virnetdevvportprofile.c - whitespace/copyright change
2014-11-13 13:00:01 -05:00
.gnulib@a363f4ed4a build: update to latest gnulib, for syntax-check 2013-05-10 20:52:57 -06:00
build-aux syntax-check: mandate space after mid-line semicolon 2013-05-28 08:26:05 -06:00
daemon Fix max stream packet size for old clients 2013-10-01 13:59:12 +01:00
docs docs: publish correct enum values 2014-06-26 16:59:23 -06:00
examples syntax: prefer space after semicolon in for loop 2013-05-28 07:56:07 -06:00
gnulib build: fix 'make check' with newer git 2014-07-02 22:09:21 -06:00
include Change virConnectDomainEventGraphicsCallback signature 2013-05-22 18:53:59 +02:00
m4 FreeBSD: disable buggy -fstack-protector-all 2013-05-15 15:20:52 -06:00
po Release of libvirt 1.0.6 2013-06-03 12:09:56 +02:00
python python: return dictionary without value in case of no blockjob 2014-09-22 14:06:56 +02:00
src util: eliminate "use after free" in callers of virNetDevLinkDump 2014-11-13 13:00:01 -05:00
tests Remove virConnectPtr arg from virNWFilterDefParse* 2014-02-06 14:48:55 +02:00
tools virsh: Fix debugging 2013-10-18 08:24:55 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Add John Ferlan to the committers list 2013-02-05 10:59:32 -05:00
autobuild.sh Set PKG_CONFIG_LIBDIR in autobuild.sh 2013-05-17 17:09:29 +01:00
autogen.sh build: fix incremental autogen.sh when no AUTHORS is present 2012-12-03 14:59:09 -07:00
bootstrap maint: update to latest gnulib 2013-05-08 14:54:04 -06:00
bootstrap.conf Include GNULIB mkdtemp module 2013-05-17 17:09:29 +01:00
cfg.mk syntax: fix broken error message in previous patch 2013-05-28 09:52:03 -06:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
configure.ac Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 16:30:47 +01:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
HACKING Fix minor typos in messages and docs 2014-02-18 17:07:40 +00:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 16:30:47 +01:00
Makefile.am maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
Makefile.nonreentrant maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
mingw-libvirt.spec.in test: Return Libvirt logo as domain screenshot 2013-04-02 14:38:56 +02:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
run.in run: license as LGPL 2013-02-23 14:03:19 -07:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

README 

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>