rpms / libvirt

Clone
Source Code
GIT

Blame SOURCES/libvirt-Add-bounds-checking-on-virConnectListAllSecrets-RPC-call.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale
  1.   43fe83eaf730f3f7762e8a227cf503f95f7ca084
  2.   SOURCES
  3.   libvirt-Add-bounds-checking-on-virConnectListAllSecrets-RPC-call.patch
Blob History Raw
43fe83 
From 6040b8ad9a04434782f7cd037db33768456e151a Mon Sep 17 00:00:00 2001
43fe83 
Message-Id: <6040b8ad9a04434782f7cd037db33768456e151a.1377873640.git.jdenemar@redhat.com>
43fe83 
From: "Daniel P. Berrange" <berrange@redhat.com>
43fe83 
Date: Fri, 30 Aug 2013 11:16:13 +0100
43fe83 
Subject: [PATCH] Add bounds checking on virConnectListAllSecrets RPC call
43fe83
43fe83 
For
43fe83
43fe83 
  https://bugzilla.redhat.com/show_bug.cgi?id=1002667
43fe83
43fe83 
The return values for the virConnectListAllSecrets call were not
43fe83 
bounds checked. This is a robustness issue for clients if
43fe83 
something where to cause corruption of the RPC stream data.
43fe83
43fe83 
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
43fe83 
(cherry picked from commit 47fb5672f2f4e9efcd4e9ec30f5e723c46fa8e6f)
43fe83 
---
43fe83 
 daemon/remote.c              | 7 +++++++
43fe83 
 src/remote/remote_driver.c   | 7 +++++++
43fe83 
 src/remote/remote_protocol.x | 6 +++---
43fe83 
 3 files changed, 17 insertions(+), 3 deletions(-)
43fe83
43fe83 
diff --git a/daemon/remote.c b/daemon/remote.c
43fe83 
index e19b42d..6ace7af 100644
43fe83 
--- a/daemon/remote.c
43fe83 
+++ b/daemon/remote.c
43fe83 
@@ -4433,6 +4433,13 @@ remoteDispatchConnectListAllSecrets(virNetServerPtr server ATTRIBUTE_UNUSED,
43fe83 
                                              args->flags)) < 0)
43fe83 
         goto cleanup;
43fe83
43fe83 
+    if (nsecrets > REMOTE_SECRET_LIST_MAX) {
43fe83 
+        virReportError(VIR_ERR_RPC,
43fe83 
+                       _("Too many secrets '%d' for limit '%d'"),
43fe83 
+                       nsecrets, REMOTE_SECRET_LIST_MAX);
43fe83 
+        goto cleanup;
43fe83 
+    }
43fe83 
+
43fe83 
     if (secrets && nsecrets) {
43fe83 
         if (VIR_ALLOC_N(ret->secrets.secrets_val, nsecrets) < 0)
43fe83 
             goto cleanup;
43fe83 
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
43fe83 
index d486fa5..62e77a5 100644
43fe83 
--- a/src/remote/remote_driver.c
43fe83 
+++ b/src/remote/remote_driver.c
43fe83 
@@ -3107,6 +3107,13 @@ remoteConnectListAllSecrets(virConnectPtr conn,
43fe83 
              (char *) &ret) == -1)
43fe83 
         goto done;
43fe83
43fe83 
+    if (ret.secrets.secrets_len > REMOTE_SECRET_LIST_MAX) {
43fe83 
+        virReportError(VIR_ERR_RPC,
43fe83 
+                       _("Too many secrets '%d' for limit '%d'"),
43fe83 
+                       ret.secrets.secrets_len, REMOTE_SECRET_LIST_MAX);
43fe83 
+        goto cleanup;
43fe83 
+    }
43fe83 
+
43fe83 
     if (secrets) {
43fe83 
         if (VIR_ALLOC_N(tmp_secrets, ret.secrets.secrets_len + 1) < 0)
43fe83 
             goto cleanup;
43fe83 
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
43fe83 
index b2841a7..a1c23da 100644
43fe83 
--- a/src/remote/remote_protocol.x
43fe83 
+++ b/src/remote/remote_protocol.x
43fe83 
@@ -188,7 +188,7 @@ const REMOTE_SECRET_VALUE_MAX = 65536;
43fe83 
 /*
43fe83 
  * Upper limit on list of secrets.
43fe83 
  */
43fe83 
-const REMOTE_SECRET_UUID_LIST_MAX = 16384;
43fe83 
+const REMOTE_SECRET_LIST_MAX = 16384;
43fe83
43fe83 
 /*
43fe83 
  * Upper limit on list of CPUs accepted when computing a baseline CPU.
43fe83 
@@ -2002,7 +2002,7 @@ struct remote_connect_list_secrets_args {
43fe83 
 };
43fe83
43fe83 
 struct remote_connect_list_secrets_ret {
43fe83 
-    remote_nonnull_string uuids<REMOTE_SECRET_UUID_LIST_MAX>; /* insert@1 */
43fe83 
+    remote_nonnull_string uuids<REMOTE_SECRET_LIST_MAX>; /* insert@1 */
43fe83 
 };
43fe83
43fe83 
 struct remote_secret_lookup_by_uuid_args {
43fe83 
@@ -2728,7 +2728,7 @@ struct remote_connect_list_all_secrets_args {
43fe83 
 };
43fe83
43fe83 
 struct remote_connect_list_all_secrets_ret {
43fe83 
-    remote_nonnull_secret secrets<>;
43fe83 
+    remote_nonnull_secret secrets<REMOTE_SECRET_LIST_MAX>;
43fe83 
     unsigned int ret;
43fe83 
 };
43fe83
43fe83 
--
43fe83 
1.8.3.2
43fe83

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation