Fixed two bugs in QEMU impl of capabilities call

Daniel P. Berrange 2007-03-15 18:23:00 +00:00
parent 6d11322bc7
commit 33134578b3
3 changed files with 12 additions and 1 deletions


@ -1,3 +1,12 @@
Thu Mar 15 14:14:20 EST 2007 Daniel P Berrange <berrange@redhat.com>
* src/qemud_internal.c: Paranoia ensure the XML returned by
the getCapabilities call is NULL terminated before strduping
to protect from malicious / buggy server
* qemud/dispatch.c: Packet length for getCapabilities call
should be the size of the reply body, not the size of the
XML string.
Thu Mar 15 14:14:20 EST 2007 Daniel P Berrange <berrange@redhat.com> Thu Mar 15 14:14:20 EST 2007 Daniel P Berrange <berrange@redhat.com>
* src/xen_internal.c: Fix missing NULL initializer * src/xen_internal.c: Fix missing NULL initializer


@ -269,7 +269,7 @@ qemudDispatchGetCapabilities (struct qemud_server *server,
return 0; return 0;
} }
out->header.type = QEMUD_PKT_GET_CAPABILITIES; out->header.type = QEMUD_PKT_GET_CAPABILITIES;
out->header.dataSize = len; out->header.dataSize = sizeof(out->data.getCapabilitiesReply);
strcpy (out->data.getCapabilitiesReply.xml, xml->content); strcpy (out->data.getCapabilitiesReply.xml, xml->content);
bufferFree (xml); bufferFree (xml);
return 0; return 0;
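Review bot: The strcpy on the line after the changed dataSize assignment is still unbounded: it copies xml->content into the fixed-size getCapabilitiesReply.xml with no length check visible in this hunk, so a capabilities document longer than that buffer overruns the reply packet. qemudDispatchGetCapabilities begins before the hunk, and the `return 0;` branch at its top may already bound `len` against the buffer, but that cannot be confirmed from here; a copy that is bounded and always terminated, `snprintf(out->data.getCapabilitiesReply.xml, sizeof out->data.getCapabilitiesReply.xml, "%s", xml->content);`, would close the gap either way. Separately, with dataSize now set to the full sizeof of the reply body, every byte after the string's terminator is sent on the wire; if `out` is not zeroed earlier in the function, stale memory reaches the client, so a `memset(out, 0, sizeof *out);` before the header is filled in is worth adding or confirming.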


@ -468,6 +468,8 @@ qemuGetCapabilities (virConnectPtr conn)
return NULL; return NULL;
} }
reply.data.getCapabilitiesReply.xml[QEMUD_MAX_XML_LEN-1] = '\0';
xml = strdup (reply.data.getCapabilitiesReply.xml); xml = strdup (reply.data.getCapabilitiesReply.xml);
if (!xml) { if (!xml) {
qemuError (conn, NULL, VIR_ERR_NO_MEMORY, NULL); qemuError (conn, NULL, VIR_ERR_NO_MEMORY, NULL);